After running several projects, I have observed some very interesting things about the management of security projects.
Stakeholders usually have a very limited focus. For example, if there is a project about network security, they don’t think about how to reuse some part of that project in, say, an application security project.
Moreover, stakeholders usually lack long-term thinking. You should never spend all of your money to achieve a single thing unless it is that critical. In other words, you have to be very effective, efficient and smart. If you are doing a project to reduce abuse of your internal computing resources, don’t try to save the day. Try to save the weeks, months, and years. This is not hard to do.
When you design your project, assume that you are playing with Lego. With Lego you can build a house, then take the house apart and build a car with the same Lego pieces. Your projects should be the same. Moreover, there will be some “plugins”. This means that if you want to achieve X, don’t just build X. Do this:
Build A, B and C and make them work together to get X as a result of those three plugins.
Moreover, the functionality of A, B and C shouldn’t be too similar to each other. Make them somewhat diverse, keeping in mind that your only condition is that the total result should be X.
Then, the next time you are working on a different project, say project Y, think about using at least one plugin you have here, i.e.
This makes you use your resources in a smart way and gives you long-term thinking.
Always think smart, since this will make your projects better and more powerful…