How many times have I heard that “a good project manager can manage any project?” Too often for my taste. My biggest issue with the claim is that it begs the question: he statement assumes we all agree that any project manager with a mastery of the profession’s tools and techniques can succeed anywhere.
We’ve finally learned better, and PMI has acknowledged this in its new requirements for PMP continuing education. As PMI itself puts it:
As the global business environment and project management profession evolves, the [certification] program must adapt to provide development of new employer-desired skills…. The ideal skill set — the PMI Talent Triangle — is a combination of technical, leadership, and strategic and business management expertise. (PMI 2015 Continuing Certification Requirements (CCR) Program Updates)
Our pending research on project skill gaps (stay tuned for a webinar invite) shows that executives and senior managers understand this much better than project practitioners. They emphasize strategy, business, and leadership improvements, while practitioners don’t.
Perhaps an example from the current headlines will help. As most of you know, security breaches have wreaked havoc on a number of prominent firms: Target, Home Depot, Sony are simply the most well-known. The sad thing is that the most famous failures could have been prevented.
One of my new favorite podcasts is from Andreessen Horowitz, the venture capital firm. My most recent listen was an interview with Orion Hindawi of Tanium. I recommend listening to the whole thing — it’s less than 30 minutes — as Orion provides some great color to what, where, why, etc. on security attacks and vulnerabilities. The summary hits his sobering message on the head:
The paradox of security is we pretty much know what we are supposed to do most of the time — but we don’t do it. If you examine all the recent high-profile attacks, somebody in the organization knew something was wrong before it happened. They just didn’t have the ability to escalate the problem, or the ability to raise a flag that people took seriously.
In other words, we don’t lack the technical understanding of security risks, or the tools and techniques to mitigate them. We lack the leadership and business savvy to confront the challenge of communicating the risks, then deploying and using our toolkit effectively. The last two sentences show how these skills gaps drive the root causes:
- “Ability to escalate the problem” is a leadership challenge. This suggests that “somebody” wasn’t connected, articulate, or brave enough to get to decision makers.
- “Ability to raise a flag that people took seriously” is a symptom of weak strategy and business skills. If the threat isn’t framed, articulated, and understood in terms serious leaders get, then such warnings are ignored…or even worse, viewed as counterproductive scare mongering.