Cybersecurity Blog: The Cyber Scene is evolving, are you?


One example of how a tailored solution for a client engagement delivered benefits.

When our cybersecurity professionals engage with clients, there are many diverse tools and processes we may utilize to effectively and efficiently manage the particular project. However, there are times when each project manager must customize a solution for a particular project to develop an innovative result.

Clients often have a unique environment or a new condition requiring a specific solution. One recent example is a project I managed for a large chemical company that required significant upfront planning. In my experience managing IT development projects, I sometimes use mind maps to successfully manage projects. This brought a thought to my mind: can mind maps be used to manage your cybersecurity projects?

In a word – absolutely! I have used the popular mind-mapping tool XMind to manage projects for several years. These projects range from software and infrastructure development to cybersecurity. I had used mind maps for many years for brainstorming and Six Sigma activities, but as I got into agile project management, I found that mind maps were extremely well suited to help me maintain effective control of my projects.

As with any activity, failure to effectively plan a project may cause significant issues during execution, including cost and schedule overruns as well as deficiencies in the deliverables. In extreme cases, incomplete planning may lead to outright failure of the project. I found the Kanban approach to project management to be intuitive and efficient, especially for non-development projects like cybersecurity. While these types of methodologies are not warranted for all projects and engagements, I felt the Kanban and mind mapping approach was appropriate for one cybersecurity project. This was based on the size and maturity of the team, the flexibility and fluidity of the schedule, and the level of reporting required. What follows is an example (not an endorsement) of managing a project using XMind to allow for following the Kanban method.

What is Kanban?

Kanban means “sign board” in Japanese and was adopted from ‘just-in-time’ manufacturing processes. It is a visual system that tells what, when, and how much to produce, and it includes lean principles that provide an incremental and evolutionary approach to process improvement. There are six core practices:

  1. Visualize the workflow
  2. Limit the work-in-progress
  3. Manage the flow
  4. Implement feedback loops
  5. Make policies explicit
  6. Improve collaboratively and evolve experimentally

The key for me was the ability to visualize the workflow. I am a visual person and this greatly improved my ability to track progress and effectively communicate with both my team and management. Conventional wisdom indicates that Kanban is best suited for operations and maintenance projects where it is unknown when or what tasks will be required, but I found that it was a very efficient methodology for most any project. By utilizing this methodology, the team pulls the next highest priority task from the backlog and conducts a periodic review of the backlog to reprioritize tasks to ensure we are always working on the highest priority activities. I use this process for my infrastructure and cybersecurity projects.

Why Mind Maps?

There is no one “best” tool. It comes down to what works best for that particular project. Some projects are simple enough that tracking using Microsoft Excel® is sufficient. Other projects are sufficiently complex and have interdependencies that lead you to utilize tools like Microsoft Project. The main challenge that I had was in finding a tool that would best suit my needs. One client was in the process of divesting a segment of their business and they needed to separate the Process Control Networks (PCN) for each business. Our project was to separate the PCN firewalls, standing up new firewalls at the separation points. The tasks were highly repetitive (the same series of tasks for each firewall) and they could be handled in any order, based on when each of the sites was available to perform the migration. This led me toward an agile approach and Kanban specifically provided the level of reporting needed. The status of each firewall could be easily mapped to a process state in the Kanban board.

MS Project was out because it couldn’t easily handle the agile approach. Tools like JIRA and Team Foundation Server worked and included several great capabilities for team integration, but were geared more toward Scrum and didn’t offer the flexibility I really needed. In the end, I found that using a mind map worked the best. It was cheap (free) to implement, did not require us to install a tool or web service on the client’s infrastructure, and most importantly, was effective in helping me manage my project internally with the team and externally with the client.

So, how can mind maps help you as a project manager? Let’s take a look at a typical mind map (Figure 1).

Figure 1: Standard Mind Map

This mind map was created with a FOSS tool called XMind. It has all of the elements needed to manage a project, but as you can see, the format is not suited to visualize the workflow. Fortunately, XMind has a matrix structure that transforms this information into a true Kanban board (Figure 2).

Figure 2: XMind Matrix View

With this structure, you can define your process steps and the set of swim lanes that best help you to break up and visualize the work. This could be by location, release, team, individual, or whatever best helps you manage your project. For example, when I was working on a project to rebuild all of the firewalls for a client, we broke it down by site. Therefore, each firewall was listed as a task for that site and you could easily see what the status was for each firewall at each location. This became the vehicle for communicating status with the client because the visual nature of the Kanban board made it simple to see how we were progressing and which sites were in trouble because activities were being blocked, either by internal or external events.

One other key feature with this approach is that each of the tasks is its own mind map, so you can easily keep all of the information associated with that task right at your fingertips as shown in Figure 3.

Figure 3: Task Details

For example, with the firewall tasks, I would keep all of the documentation on the rules, meeting notes, design decisions, and any other relevant information with that task so that I could easily refer back to them as needed. In addition, these notes were extremely useful during our client status meetings. We had all of the relevant information readily available if we needed to drill down, and we had a place to document decisions. Because this is such an extensible format, you can easily keep everything regarding your project within one tool as shown in Figure 4.

Figure 4: Complete Project Plan

Even though XMind fully implements a Kanban board and helps integrate all project data, there are still opportunities for improvement and it might not be the best tool for all projects. The biggest shortfall in fully visualizing the workflow is that the swim lanes are fixed. Once you decide that you want to break the data apart by location, it is very hard to re-categorize the data based on the team or project phase. Therefore, while some questions can be easily answered, others may be far less intuitive. This has been an issue with every tool that I have reviewed. Additionally, you may need more of an automated workflow within the tool to support team integration.  

Real-world Benefits

Making the flow of work visible is core to understanding how work proceeds. Without understanding all workflow interactions, making the right decisions is harder. Using XMind to manage cyber security projects demonstrates our team’s ability to be agile and resourceful no matter the environment. The output provided from this tool allows us to effectively illustrate and communicate progress to client stakeholders within an independent workspace that doesn’t require infrastructure behind it.

XMind has enabled me to deliver projects on time, on budget, and with high quality. It reduced the “mechanics” so that I can focus on the project. Another key advantage is that visualizing the work facilitates continuous process improvements. Through visualization, the team becomes partners in incorporating lean principles, which encourages small, continuous, incremental, and evolutionary changes that stick.

This post illustrates just one example of how our cybersecurity professionals can deploy flexible strategies to help your organization achieve project success!



John is an innovative, results-oriented Project Manager with extensive experience managing traditional and agile software projects as well as managing infrastructure, network, and cyber security projects. He has experience both as a developer in real-time embedded systems and as a verification engineer. For the past two years, he has provided Project Management expertise for several commercial clients as a consultant for Commercial Cyber Solutions. He brings a proven 26-year record of performance in diverse organizations in both technical and functional management and across several industries, including financial, government, pharmaceutical, and chemical. Mr. Messina holds a Bachelor's Degree in Computer Science from Purdue University, a Master's Degree in Software Engineering from Penn State University, and an MBA from DeVry University. He also holds a Project Management Professional (PMP) certification from PMI.