8
Network Security April 2020
FEATURE
Are your IT staff ready
for the pandemic-driven
insider threat? Phil Chapman
Obviously the threat to human life is
the top concern for everyone at this
moment. But businesses are also starting
to suffer as productivity slips globally
and the workforce itself is squeezed.
The UK Government’s March budget
did announce some measures, especially
for small and medium-size enterprises
(SMEs), that will make this period
slightly less painful for organisations.
However, as is apparent from the tank-
ing stock market (the FTSE 100 has
hit levels not seen since June 2012) the
economy and pretty much all businesses
in the country (unless you produce hand
sanitiser) are going to suffer. There is no
time like now for the UK to embrace
its mantra of ‘keep calm and carry on’
because that is what we must do if we’re
going to keep business flowing.
For the IT department at large there is
lots of urgent work to do to ensure that
the business is prepared to keep running
smoothly even if people are having to
work remotely. The task at hand for cyber
security professionals is arguably even
larger as Covid-19 is seeing cyber criminals
capitalising on the fact that the insider
threat is worse than ever, with more people
working remotely from personal devices
than many IT and cyber security teams
have likely ever prepared for.
This article will argue that the cyber
security workforce, which is already suf-
fering a digital skills crisis, may also be
lacking the adequate soft skills required
to effectively tackle the insider threat
that has been exacerbated by the pan-
demic. It will first examine the insider
threat, and why this has become so
much more insidious because of Covid-
19. It will then look into the essential
soft skills required to tackle this threat,
before examining how organisations can
effectively implement an apprentice-
ship strategy that generates professionals
with both hard and soft skills, includ-
ing advice from the CISO of globally
respected law firm Pinsent Masons, who
will provide insight into how he is mak-
ing his strategy work. It will conclude
that many of these issues could be solved
if the industry didn’t rely so heavily on
recruiting graduates and rather looked
towards hiring apprentices.
The insider threat
In the best of times, every cyber-pro-
fessional knows that the biggest threat
to an organisation’s IT infrastructure
is people, both malicious actors and
– much more often – employees and
partners making mistakes. The problem
is that people lack cyber knowledge and
so commit careless actions – for exam-
ple, forwarding sensitive information to
the wrong recipient over email or plug-
ging rogue USBs into their device (yes,
that still happens). Cyber criminals
capitalise on this ignorance by utilising
social engineering tactics ranging from
the painfully simple, like fake emails
from Amazon, to the very sophisticated,
such as.
8Network Security April 2020FEATUREAre your IT staf.docx
1. 8
Network Security April 2020
FEATURE
Are your IT staff ready
for the pandemic-driven
insider threat? Phil Chapman
Obviously the threat to human life is
the top concern for everyone at this
moment. But businesses are also starting
to suffer as productivity slips globally
and the workforce itself is squeezed.
The UK Government’s March budget
did announce some measures, especially
for small and medium-size enterprises
(SMEs), that will make this period
slightly less painful for organisations.
However, as is apparent from the tank-
ing stock market (the FTSE 100 has
hit levels not seen since June 2012) the
economy and pretty much all businesses
in the country (unless you produce hand
sanitiser) are going to suffer. There is no
time like now for the UK to embrace
its mantra of ‘keep calm and carry on’
because that is what we must do if we’re
going to keep business flowing.
For the IT department at large there is
lots of urgent work to do to ensure that
2. the business is prepared to keep running
smoothly even if people are having to
work remotely. The task at hand for cyber
security professionals is arguably even
larger as Covid-19 is seeing cyber criminals
capitalising on the fact that the insider
threat is worse than ever, with more people
working remotely from personal devices
than many IT and cyber security teams
have likely ever prepared for.
This article will argue that the cyber
security workforce, which is already suf-
fering a digital skills crisis, may also be
lacking the adequate soft skills required
to effectively tackle the insider threat
that has been exacerbated by the pan-
demic. It will first examine the insider
threat, and why this has become so
much more insidious because of Covid-
19. It will then look into the essential
soft skills required to tackle this threat,
before examining how organisations can
effectively implement an apprentice-
ship strategy that generates professionals
with both hard and soft skills, includ-
ing advice from the CISO of globally
respected law firm Pinsent Masons, who
will provide insight into how he is mak-
ing his strategy work. It will conclude
that many of these issues could be solved
if the industry didn’t rely so heavily on
recruiting graduates and rather looked
towards hiring apprentices.
3. The insider threat
In the best of times, every cyber-pro-
fessional knows that the biggest threat
to an organisation’s IT infrastructure
is people, both malicious actors and
– much more often – employees and
partners making mistakes. The problem
is that people lack cyber knowledge and
so commit careless actions – for exam-
ple, forwarding sensitive information to
the wrong recipient over email or plug-
ging rogue USBs into their device (yes,
that still happens). Cyber criminals
capitalise on this ignorance by utilising
social engineering tactics ranging from
the painfully simple, like fake emails
from Amazon, to the very sophisticated,
such as CEO fraud. A contact from
the industry that works at one of the
world’s largest consultancies recently
relayed a case of CEO fraud where a
cyber criminal hacked into a CEO’s
email server to learn the syntax he used.
The hacker then sent a carefully crafted
redemption request to the CEO’s fund
manager and was able to steal £5m.
“Hackers are producing
scams taking advantage of
the Covid-19 pandemic –
with Check Point finding that
coronavirus-related domains
are 50% more likely to install
malware onto your system”
4. Remote working adds a new layer of
complexity to the problem. In 2018,
CybSafe claimed that 32% of organisa-
tions surveyed had experienced a cyber
attack as a direct result of an employee
working outside of the businesses’ secu-
rity perimeter.1 This statistic is prob-
ably conservative in contrast to what
the reality would be now, with The
International Workplace Group report-
ing last year that 50% of employees
globally work away from the office at
least two and a half days a week, which
seems high, and this is shifting closer to
the 100% mark, albeit temporarily.2
Working remotely brings up the same
problems as bring your own device
(BYOD) – if your users are working on
a personal device, is this device secured
with a company-sanctioned level of
anti-virus software and password pro-
tection technologies? Then, personal
device or well-secured work device
Phil Chapman, Firebrand Training
As this article is being written it’s mid-March. The situation
likely will have
changed significantly by the time you read this, as it does by
the day and even
the hour. The World Health Organisation (WHO) has declared
Covid-19 to be
a global pandemic and the UK Government has stepped up its
response from the
5. ‘contain’ to the ‘delay’ phase. Public spaces and transport are
noticeably quieter
and many workplaces are getting emptier as staff members work
from home.
April 2020 Network Security
9
FEATURE
aside, what network are they connect-
ing to? Are they relying on a virtual
private network (VPN) or their home
Internet service provider (ISP) capabil-
ities, which could be more vulnerable
to infiltration than your well-fortified
internal network? As well, being physi-
cally away from the organisation usually
results in a slower response to regular
health-checks such as patching, updates
and upgrades, so it must be a priority
for businesses to establish regular and
planned activities to ensure that all of
this is looked after.
Taking advantage
To make matters worse, hackers are
producing scams taking advantage of
the Covid-19 pandemic – with Check
Point finding that coronavirus-related
domains are 50% more likely to install
malware onto your system.3 Some
attackers have even designed specif-
ic websites that encourage visitors to
6. download an application that will keep
them updated on the latest Covid-19
news. When you download the file, a
map of how the disease is spreading
pops up, but a malicious binary file
(using software known as AZORult)
has been installed in the background.
AZORult is known to steal victims’
browsing history, cookies, ID, pass-
words and crypto-currencies.4 The situ-
ation is so dire that even the WHO has
provided a six-step guide as to what to
look out for, which includes verifying
email addresses, heightened awareness
around providing personal identifiable
information (PII), not feeling pressured
to supply and respond in these times
of urgency and reporting anything that
doesn’t feel right.5
Cyber security teams must make sure
that strict measures and policies are in
place to ensure the highest level of secu-
rity when staff are working from home.
And if this isn’t a common practice
already, now is the time to implement
it – and quickly. Top strategies include
requiring multi-factor authentication to
log into company portals, and requiring
all personal devices to be equipped with
employer-provided security software
and the latest software updates prior to
permitting any access to remote systems.
But, of equal importance is ensuring that
staff are equipped with the essential cyber
7. skills needed to avoid scams – and that
they follow company policy because they
understand why strict measures are in
place. And, funnily enough, to deal with
and teach people, you need people skills!
Hard and soft skills
Before discussing the importance of peo-
ple skills, it must be acknowledged that
something the cyber security workforce
is missing is people. UK cyber security
is now worth £8.3bn and is staffed by
43,000 full-time employees.6 However,
despite this, as we’re all aware, there are
not enough people to fortify organisa-
tions against cybercrime, with the average
data breach costing businesses £3m.7
The International Information System
Security Certification Consortium, or
(ISC)² – a non-profit specialising in train-
ing and certifications for cyber security
professionals – found the global skills
gap grew by 33% in 2019. Some 65% of
firms have a shortage of cyber staff and
the UK needs to increase its workforce by
291,000 people to plug the gap.8
Many organisations will assume that,
because the job is technical, cyber secu-
rity professionals must have a university
degree to qualify. However, this simply
isn’t the case and is part of the reason
why we are struggling to fill the cyber
security skills gap – there aren’t enough
cyber security graduates to defend
against the UK’s cyberthreat. The solu-
8. tion lies with an incredibly underes-
timated group of people. Apprentices
become fantastic cyber security profes-
sionals, who have the technical skills that
graduates have, as well as arguably better
soft skills because their learning process
requires them to get real-world experi-
ence working with people.
Apprentices gain a deep understand-
ing not just of the network, but also the
Weekly registrations of coronavirus-related domain names,
mostly by spammers and other cyber
criminals. Source: Check Point Software.
Cyber criminals have exploited copies of the genuine John
Hopkins University Covid-19 map on
sites designed to deliver malware. Source: Reason Security.
10
Network Security April 2020
FEATURE
business and its culture. This means that,
when putting a cyber security policy
together, they can develop something that
is bespoke to their business. It also means
education and general cyber security com-
munications can take place in the com-
pany’s tone of voice, via the medium that
employees are most likely to read. This
sounds simple, but sadly many businesses
9. view education, policy and communica-
tion as an afterthought. And, as discussed
earlier, this is especially important at
the moment when remote working and
Covid-19-themed hacks are making the
organisation especially vulnerable.
Of course, technical knowledge is crit-
ical. Professionals must understand sys-
tems architecture and be able to identify
attacks and implement relevant defences
(as well as mitigate against issues). But
apprenticeships can still come out tops
because they enable individuals to imple-
ment new skills immediately, allowing
them to put into practice what they’ve
learned. Apprenticeships must not be
underestimated – they are arguably the
best option out there to develop the
truly rounded professionals that the
modern workforce needs.
The cost of
apprenticeship training
A business concern may be that the dif-
ference with an apprentice is that the
organisation has to help train an indi-
vidual from scratch as there is a chance
they’ll have no cyber security knowledge
whatsoever. This is a legitimate con-
cern because apprenticeships do require
investment in time and money, but
arguably no more than a good graduate
scheme would.
“Your organisation may have
10. a recruitment rule, such as
only hiring from red brick
universities, but to find
apprentices from all walks of
life you need to move away
from traditional funnels”
To expand on this, the average cost of
an apprentice for a company amounts to
£18,000 for a one-year programme. With
that, each apprentice will study towards
three to four vendor certifications, as well
as getting a full year’s worth of mentoring
while working and developing those all-
important practical skills at the same time.
This approach exposes them to every
nook and cranny of your systems while
at the same time equipping them with
the skills they need to spot threats from
within. Aside from this being far less than
you’d pay for the average graduate, with
salaries starting around the £28,000 a
year mark, apprenticeships are valuable in
another, less-obvious way – retention.
Paying for apprenticeship qualifications
also doesn’t need to come from your
precious HR budget. The Apprenticeship
Levy is a compulsory UK tax on organi-
sations whereby those with an annual pay
bill in excess of £3m keep aside 0.5% of
the bill minus an additional annual ‘levy
allowance’ of £15,000 which they must
spend on apprenticeships.9 Basically,
organisations have a pot of money which,
11. for many, goes untouched when it could
be used to bring in new apprentices or
upskill existing employees.
Implementing an
apprenticeship strategy
In terms of implementing these schemes
so as to have a strategy that produces the
most well-rounded cyber-professionals,
Christian Toon, CISO at Pinsent Masons,
believes that training apprenticeships are
a key part of a wider, layered approach to
cyber defence within the organisation.
With regards to bringing in apprentices
for the first time, he says: “It’s important
to broaden your recruitment approach.
Your organisation may have a recruitment
rule, such as only hiring from red brick
universities, but to find apprentices from
all walks of life you need to move away
from traditional funnels. Look out for peo-
ple showing a willingness to learn – some
of the best apprentices I have found have
been via online forums like Twitter. Put a
post out via your organisation’s profile and
see what sort of responses come back to
you – you will soon find that people who
aren’t necessarily qualified but have a real
passion for technology will emerge.”
Once you’ve found apprentices and
brought them into your organisation,
Toon acknowledges that there can be
challenges, but flexibility is key.
12. “Organisations must make allowances
for the development of people and of
course this takes time and resources,”
he says. “Especially if you are hiring
younger people who have never worked
in an office before, patience is absolutely
essential and setting aside time for your
apprentices to spend time studying as well
as learning practical skills is key. In terms
of giving them real-world experience,
there are two ways to do this efficiently.
“First, allow them to help on tasks where
they will see a demonstrable change – for
example, blacklisting domains. Second, give
them projects to work on independently:
even better if these projects allow them
to break something. I recently challenged
an apprentice to work on a vulnerability
assessment because with the rise of the IoT
we’ve seen some new wifi networks pop
up on our network. The apprentice had
to scan and identify the networks, profile
Apprentices gain a deep understanding not just of the network,
but also the business and its culture.
April 2020 Network Security
11
FEATURE
them to see what data was beaconing from
13. them to identify their owners and finally, if
compliant with the Computer Misuse Act,
they could try to break any networks that
weren’t meant to be there.”
He concludes with a call out to the
industry.
“I don’t come from a traditional uni-
versity-educated background,” he says,
“so may be more passionate than others
about the importance of supporting
young people who want to get into
digital roles but may find university an
inaccessible route. Training more people
doesn’t just benefit them, it benefits
the entire industry. As Jack Lemmon
said: ‘No matter how successful you get,
always send the elevator back down’.”
The cyber security industry must start
valuing apprenticeships as equal to, if
not better than, a university degree. This
argument may be controversial, especially
seeing as the majority of the cyber secu-
rity populace at this stage probably do
come from a university background. We
most definitely should not stop hiring
graduates but it is of critical importance
that we widen the hiring pool to also
include apprentices, and those from other
departments that have upskilled via digi-
tal apprenticeships.
This unique way of learning the trade
equips people with both the hard and soft
14. skills needed to fight insider threat-centric
cybercrime, which is especially important
at the present when Covid-19 is pushing
more people than ever to work remotely.
We will get through this tricky period and
the cyber-challenges it is throwing at us, as
long as we don’t ignore the cyber security
skills gap and keep educating fantastic pro-
fessionals who can defend the UK and the
world against mounting cybercrime.
About the author
Phil Chapman is a senior cyber security
instructor for Firebrand Training (https://
firebrand.training/uk) who predominant-
ly helps train UK law enforcement. He
has 13 years’ experience as a Microsoft
Certified Trainer and security specialist
and five years’ experience as a military
instructor. Before becoming a trainer he
spent 23 years in both the Ministry of
Defence and the Royal Air Force.
References
1. Jones, Connor. ‘A third of cyber
attacks exploit unsecure remote
working’. ITPro, 20 Dec 2018.
Accessed March 2020. www.itpro.
co.uk/security/32617/a-third-of-
cyber attacks-exploit-unsecure-re-
mote-working.
2. Murphy, Hannah. ‘How remote
working increases cyber security
15. risks.’ Financial Times, 8 Dec 2019.
Accessed March 2020. www.ft.com/
content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9.
3. Mix. ‘Coronavirus domains 50%
more likely to infect your system
with malware’. The Next Web, 6
Mar 2020. Accessed March 2020.
https://thenextweb.com/securi-
ty/2020/03/05/coronavirus-do-
mains-malware-infect/.
4. Mehta, Ivan. ‘Hackers are using
coronavirus maps to infect your
computer’. The Next Web, 11
Mar 2020. Accessed March 2020.
https://thenextweb.com/securi-
ty/2020/03/11/hackers-are-us-
ing-coronavirus-maps-to-in-
fect-your-computer/.
5. ‘Beware of criminals pretending
to be WHO’. The World Health
Organisation, 2020. Accessed March
2020. www.who.int/about/commu-
nications/cyber security.
6. Warman, Matt. ‘UK’s boom-
ing cyber security sector worth
£8.3 billion’. UK Department for
Digital, Culture, Media & Sport,
30 Jan 2020. Accessed March 2020.
www.gov.uk/government/news/
uks-booming-cyber security-sec-
16. tor-worth-83-billion.
7. Caines, Jason. ‘Kaspersky reveals
magnitude of British business
cyber-complacency’. Software
Testing News, 14 Feb 2020.
Accessed March 2020. www.soft-
waretestingnews.co.uk/kaspersky-re-
veals-magnitude-of-british-busi-
ness-cyber-complacency/.
8. Green, Chris. ‘Cyber security skills
gap reaches all-time high’. Firebrand
Training Blog, 18 Nov 2019.
Accessed March 2020. https://blog.
firebrand.training/2019/11/cyber
security-skills-gap-reaches-all-time-
high.html.
9. ‘Guidance: Apprenticeship funding:
how it works’. Education & Skills
Funding Agency, 13 Mar 2020.
Accessed March 2020. www.gov.uk/
government/publications/apprentice-
ship-levy-how-it-will-work/appren-
ticeship-levy-how-it-will-work.
Essentials for selecting a
network monitoring tool
Cary Wright
In 2020, we’re already seeing
threats morph more and more rap-
idly. Standardised attack methods are
17. being automatically synthesised into
multiple, even individually customised
attack vectors based on results from prior
attacks. Rapidly changing attacks custom-
ised to individuals are relegating standard
signature-based threat detection to basic
Cary Wright, Endace
Enterprises are increasingly aware of how essential it is to have
efficient tools in
place to monitor for cyber security and performance issues.
However, the selection
process can be daunting and some organisations are not clear on
the key features
to look for in a network-monitoring tool.
https://firebrand.training/uk
https://firebrand.training/uk
http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working
http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
https://thenextweb.com/securi�ty/2020/03/05/coronavirus-
do�mains-malware-infect/
https://thenextweb.com/securi�ty/2020/03/05/coronavirus-
do�mains-malware-infect/
https://thenextweb.com/securi�ty/2020/03/05/coronavirus-
do�mains-malware-infect/
23. Appendix 2: Chapter Questions 196
Appendix 3: Chapter Audio Files 204
About the Author 205
Versioning History 206
List of Links by Chapter for Print 208
Accessibility Statement
BCcampus Open Education believes that education must be
available to everyone; this means supporting
the creation of free, open, and accessible educational resources.
We are actively committed to increasing
the accessibility and usability of the textbooks we produce.
Accessibility features of the web version of this resource
The web version of Project Management includes the following
features:
• It as been optimized for people who use screen-reader
technology:
◦ all content can be navigated using a keyboard
◦ links, headings, tables use proper markup
◦ all images have text descriptions
• It includes an option to increase font size (see tab on top right
of screen titled, “Increase Font
24. Size.”)
• Audio files are available for each chapter (see Appendix 3:
Chapter Audio Files).
Other file formats available
In addition to the web version, this book is available in a
number of file formats including PDF, EPUB
(for eReaders), MOBI (for Kindles), and various editable files.
Here is a link to where you can download
this book in another file format. Look for the Download this
book drop-down menu to select the file type
you want.
This book links to a few external websites. For those using a
print copy of this resource, the link text
is underlined, and you can find the web addresses for all links
in the back matter of the book.
Known accessibility issues and areas for improvement
The PowerPoint slides available for download from Appendix 1:
Project Management PowerPoints have
not been checked for accessibility. In addition, external
websites linked to from this text may not meet
accessibility guidelines.
Let us know if you are having problems accessing this book
If any of the above accessibility issues are stopping you from
accessing the information in this text-
vi
https://opentextbc.ca/projectmanagement/
25. https://opentextbc.ca/projectmanagement/
https://opentextbc.ca/projectmanagement/
book, please contact us to let us know and we will get it fixed.
If you discover any other issues, please
let us know of those as well.
Please include the following information:
• The location of the problem by providing a web address or
page description
• A description of the problem
• The computer, software, browser, and any assistive technology
you are using that can help us
diagnose and solve your issue
e.g., Windows 10, Google Chrome (Version 65.0.3325.181),
NVDA screen reader
You can contact us one of the following ways:
• Contact form: BCcampus Support
• Web form: Report an Open Textbook Error
This statement was last updated on September 18, 2019.
2nd Edition vii
https://open.bccampus.ca/contact-us/
https://open.bccampus.ca/reporting-an-open-textbook-error/
About the Book
32. that all projects share.
x
Preface
The primary purpose of this text is to provide an open source
textbook that covers most project manage-
ment courses. The material in the textbook was obtained from a
variety of sources. All the sources are
found in the reference section at the end of each chapter. I
expect, with time, the book will grow with
more information and more examples.
I welcome any feedback that would improve the book. If you
would like to add a section to the book,
please let me know.
xi
1. Project Management: Past and Present
Careers Using Project Management Skills
Skills learned by your exposure to studying project management
can be used in most careers as well as
in your daily life. Strong planning skills, good communication,
ability to implement a project to deliver
the product or service while also monitoring for risks and
managing the resources will provide an edge
toward your success. Project managers can be seen in many
industry sectors including agriculture and
33. natural resources; arts, media, and entertainment; building
trades and construction; energy and utilities;
engineering and design; fashion and interiors; finance and
business; health and human services; hos-
pitality, tourism, and recreation; manufacturing and product
development; public and private education
services; public services; retail and wholesale trade;
transportation; and information technology.
Below we explore various careers and some of the ways in
which project management knowledge can
be leveraged.
Business Owners
Business owners definitely need to have some project
management skills. With all successful businesses,
the product or service being delivered to the customer meets
their needs in many ways. The product or
service is of the quality desired, the costs are aligned with what
the consumer expected, and the timeli-
ness of the product or service meets the deadline for the buyer
of that item.
The pillars of project management are delivering a
product/service within schedule, cost, scope, and
quality requirements. Business owners need planning,
organizing, and scoping skills and the ability to
analyze, communicate, budget, staff, equip, implement, and
deliver.
Understanding the finances, operations, and expenses of the
business are among the skills that project
managers learn and practice. Some businesses may focus more
on accounting, providing financial
advice, sales, training, public relations, and actuary or
34. logistician roles. Business owners may own a
travel agency or provide hospitality. Business owners could be
managing a storefront or a location in
their town’s marketplace.
Example: Restaurant Owner/Manager
Restaurant managers are responsible for the daily operations of
a restaurant that prepares and serves
meals and beverages to customers. Strong planning skills,
especially coordinating with the various
departments (kitchen, dining room, banquet operations, food
service managers, vendors providing the
supplies) ensure that customers are satisfied with their dining
experience. Managers’ abilities to recruit
and retain employees, and monitor employee performance and
training ensure quality with cost contain-
ment. Scheduling in many aspects, not only the staff but also
the timing of the food service deliveries, is
critical in meeting customer expectations.
Risk management is essential to ensure food safety and quality.
Managers monitor orders in the
kitchen to determine where delays may occur, and they work
with the chef to prevent these delays. Legal
compliance is essential in order for the restaurant to stay open,
so restaurant managers direct the clean-
1
ing of the dining areas and the washing of tableware, kitchen
utensils, and equipment. They ensure the
safety standards and legality, especially in serving alcohol.
Sensitivity and strong communication skills
35. are needed when customers have complaints or employees feel
pressured because more customers arrive
than predicted.
Financial knowledge is needed for the soundness of running the
restaurant, especially tracking special
projects, events, and costs for the various menu selections.
Catering events smoothly can be an outcome
of using project plans and the philosophy of project
management. The restaurant manager or the execu-
tive chef analyzes the recipes to determine food, labour, and
overhead costs; determines the portion size
and nutritional content of each serving; and assigns prices to
various menu items, so that supplies can be
ordered and received in time.
Planning is the key for successful implementation. Managers or
executive chefs need to estimate food
needs, place orders with distributors, and schedule the delivery
of fresh food and supplies. They also
plan for routine services (equipment maintenance, pest control,
waste removal) and deliveries, including
linen services or the heavy cleaning of dining rooms or kitchen
equipment, to occur during slow times
or when the dining room is closed. A successful restaurant
relies on many skills that the project manage-
ment profession emphasizes.
Outsourcing Services
Figure 1.1: Sample status chart, which is typical with the use of
a red-yellow-green
Many businesses explore outsourcing for certain services.
Below is a sample status and project plan that
reflects the various tasks needed for a project. A review of
36. finances, the importance of communicating
to stakeholders, and the importance of time, cost, schedule,
scope, and quality are reflected. Many com-
panies may use these steps in their business. These plans show
the need for the entire team to review the
various proposals to choose the best plan. Figure 1.1 represents
a sample project status report.
1. Project Management: Past and Present 2
https://opentextbc.ca/projectmanagement/wp-
content/uploads/sites/3/2019/08/Sample-status-chart-1.png
https://opentextbc.ca/projectmanagement/wp-
content/uploads/sites/3/2019/08/Sample-status-chart-1.png
Example: Construction Managers
Construction managers plan, direct, coordinate, and budget a
wide variety of residential, commercial,
and industrial construction projects including homes, stores,
offices, roads, bridges, wastewater treat-
ment plants, schools, and hospitals. Strong scheduling skills are
essential for this role. Communication
skills are often used in coordinating design and construction
processes, teams executing the work, and
governance of special trades (carpentry, plumbing, electrical
wiring) as well as government representa-
tives for the permit processes.
A construction manager may be called a project manager or
project engineer. The construction man-
ager ensures that the project is completed on time and within
budget while meeting quality specifica-
tions and codes and maintaining a safe work environment. These
managers create project plans in which
37. they divide all required construction site activities into logical
steps, estimating and budgeting the time
required to meet established deadlines, usually utilizing
sophisticated scheduling and cost-estimating
software. Many use software packages such as Microsoft
Project® or Procure® or online tools like Base-
Camp®. Most construction projects rely on spreadsheets for
project management. Procurement skills
used in this field include acquiring the bills for material, lumber
for the house being built, and more.
Construction managers also coordinate labor, determining the
needs and overseeing their performance,
ensuring that all work is completed on schedule.
Values including sustainability, reuse, LEED-certified building,
use of green energy, and various
energy efficiencies are being incorporated into today’s projects
with an eye to the future. Jennifer Rus-
sell, spoke about project management and global sustainability”
at the 2011 Silicon Valley Project Man-
agement Institute (PMI) conference. She informed the attendees
of the financial, environmental, and
social areas in expanding the vision of project management with
the slide in Figure 1.2. These values are
part of the PMI’s code of ethics and professionalism. By
adhering to this code, project managers include
in their decisions the best interests of society, the safety of the
public, and enhancement of the environ-
ment.
3 2nd Edition
Figure 1.2: In addition to considering the cost, scope, and
schedule of a project, a project manager should work to
38. ensure the project is socially responsible, environmentally
sound, and economically viable.
Creative Services
Creative service careers include graphic artists, curators, video
editors, gaming managers, multimedia
artists, media producers, technical writers, interpreters, and
translators. These positions use project man-
agement skills, especially in handling the delivery channel and
meeting clients’ requirements.
Let us look at one example, graphic artists, to understand and
identify some of the project management
skills that aid in this career.
Example: Graphic Artists
Graphic artists plan, analyze, and create visual solutions to
communication problems. They use many
skills found in project management, especially communications.
They work to achieve the most effective
way to get messages across in print and electronic media. They
emphasize their messages using colour,
type, illustration, photography, animation, and various print and
layout techniques. Results can be seen
in magazines, newspapers, journals, corporate reports, and other
publications. Other deliverables from
graphic artists using project management skills include
promotional displays, packaging, and market-
ing brochures supporting products and services, logos, and
signage. In addition to print media, graphic
artists create materials for the web, TV, movies, and mobile
device apps.
Initiation in project management can be seen in developing a
39. new design: determining the needs of
the client, the message the design should portray, and its appeal
to customers or users. Graphic designers
consider cognitive, cultural, physical, and social factors in
planning and executing designs for the target
1. Project Management: Past and Present 4
https://opentextbc.ca/projectmanagement/wp-
content/uploads/sites/3/2014/06/cost-scope-schedule-
triangle.png
https://opentextbc.ca/projectmanagement/wp-
content/uploads/sites/3/2014/06/cost-scope-schedule-
triangle.png
audience, very similar to some of the dynamics a project
manager considers in communicating with var-
ious project stakeholders. Designers may gather relevant
information by meeting with clients, creative
staff, or art directors; brainstorming with others within their
firm or professional association; and per-
forming their own research to ensure that their results have high
quality and they can manage risks.
Graphic designers may supervise assistants who follow
instructions to complete parts of the design
process. Therefore scheduling, resource planning, and cost
monitoring are pillars of project management
seen in this industry. These artists use computer and
communications equipment to meet their clients’
needs and business requirements in a timely and cost-efficient
manner.
Educators
40. “Educator” is a broad term that can describe a career in
teaching, maybe being a lecturer, a professor, a
tutor, or a home-schooler. Other educators include gurus,
mullahs, pastors, rabbis, and priests. Instruc-
tors also provide vocational training or teach skills like learning
how to drive a car or use a computer.
Educators provide motivation to learn a new language or
showcase new products and services. Educators
use project management skills including planning and
communication.
Let us look at teachers, since we all have had teachers, and see
if we can recognize the project man-
agement skills that are demonstrated in this profession.
Example: Teachers
Some teachers foster the intellectual and social development of
children during their formative years;
other teachers provide knowledge, career skill sets, and
guidance to adults. Project management skills
that teachers exhibit include acting as facilitators or coaches
and communicating in the classroom and
in individual instruction. Project managers plan and evaluate
various aspects of a project; teachers plan,
evaluate, and assign lessons; implement these plans; and
monitor each student’s progress similar to the
way a project manager monitors and delivers goods or services.
Teachers use their people skills to man-
age students, parents, and administrators. The soft skills that
project managers exercise can be seen in
teachers who encourage collaboration in solving problems by
having students work in groups to discuss
and solve problems as a team.
Project managers may work in a variety of fields with a broad
41. assortment of people, similar to teachers
who work with students from varied ethnic, racial, and religious
backgrounds. These teachers must
have awareness and understanding of different cultures.
Teachers in some schools may be involved in making decisions
regarding the budget, personnel, text-
books, curriculum design, and teaching methods, demonstrating
skills that a project manager would pos-
sess such as financial management and decision making.
Engineers
Engineers apply the principles of science and mathematics to
develop economical solutions to technical
problems. As a project cycles from an idea in the project charter
to the implementation and delivery of
a product or service, engineers link scientific discoveries to
commercial applications that meet societal
and consumer needs.
Engineers use many project management skills, especially when
they must specify functional require-
ments. They demonstrate attention to quality as they evaluate a
design’s overall effectiveness, cost, reli-
5 2nd Edition
ability, and safety similar to the project manager reviewing the
criteria for the customer’s acceptance of
delivery of the product or service.
Estimation skills in project management are used in
engineering. Engineers are asked many times to
42. provide an estimate of time and cost required to complete
projects.
Health Care
There are many jobs and careers in health care that use project
management skills. Occupations in the
field of health care vary widely, such as athletic trainer, dental
hygienist, massage therapist, occupa-
tional therapist, optometrist, nurse, physician, physician
assistant, and X-ray technician. These individ-
uals actively apply risk management in providing health care
delivery of service to their clients, ensuring
that they do not injure the person they are caring for. Note:
There is a section on nursing later in this
chapter.
Many of you may have had a fall while you were growing up,
and needed an X-ray to determine if
you had a fracture or merely a sprain. Let us look at this career
as an example of a health care profes-
sional using project management skills.
Example: Radiology Technologists
Radiology technologists and technicians perform diagnostic
imaging examinations like X-rays, com-
puted tomography (CT), magnetic resonance imaging (MRI),
and mammography. They could also be
called radiographers, because they produce X-ray films
(radiographs) of parts of the human body for use
in diagnosing medical problems.
Project management skills, especially people skills and strong
communication, are demonstrated
when they prepare patients for radiologic examinations by
43. explaining the procedure and what position
the patient needs to be in, so that the parts of the body can be
appropriately radiographed. Risk man-
agement is demonstrated when these professionals work to
prevent unnecessary exposure to radiation by
surrounding the exposed area with radiation protection devices,
such as lead shields, or limiting the size
of the X-ray beam. To ensure quality results, the health
technician monitors the radiograph and sets con-
trols on the X-ray machine to produce radiographs of the
appropriate density, detail, and contrast. …