Sunday, March 17, 2024

Heat Batteries


Does your project need green energy for development purposes, or is your project incorporating green energy in a deliverable?

Perhaps a Heat Battery fits your need.
As reported by the WSJ:
".... researchers are developing heat batteries—also called thermal batteries—that store renewable energy as heat and then release it on demand to power industrial processes.

Traditional batteries store and release power by moving lithium ions through a liquid from the cathode to the anode, and back again. They are great when space is at a premium, as is the case inside EVs. But they are relatively expensive and typically can only discharge energy for a few hours, limiting their industrial applications.

Heat batteries, on the other hand, work by passing current through a resistor to heat some type of material that can stay hot for days—such as bricks, rocks or molten salt. These materials can store energy generated from intermittent renewable sources as heat—and then release it on demand whenever it’s needed"
There are companies in various stages of readiness on heat batteries. Some actually delivering product, and others are still researching the opportunity. 

This may be a "hot" topic in the future!



Like this blog? You'll like my books also! Buy them at any online book retailer!

Thursday, March 14, 2024

From soda straws to 'constant stare'


Does your project have proprietary or other intellectual property that is, of necessity, our of doors?
Specialized antennas, telescopes, and other sensors?
Unique infrastructure or private facilities?
Proprietary ground or air or even space and underwater vehicles, or vehicle performance?
New, competitive installations?

In the past, you could keep the wraps on by simply hiding the location, or restricting access and observation from the ground.

There were a handful of earth-observing satellites, mostly run by governments, that had a 'soda-straw' look at any point on earth, and then often only for a short time. Revisit rates varied from a couple of hours to perhaps a geo-stationary stare until some other mission had to be satisfied.

With predictable orbits and observation parameters, the ground target could take countermeasures.

Then came drones, with long time-over-target durations, but nonetheless limited by fuel and other mission assignments. But drones are not altogether stealthy, as yet, and so there are countermeasures that can be employed by the target.

Constant stare: 
Now comes 'constant stare', the conception being 24x7 global real time observation of anywhere. Tried and true countermeasures go out the window.

To get to constant stare, perhaps thousands of satellites, about the size of a loaf of bread are to be deployed. And for the most part this capability is provided by civilian reconnaissance companies whose objective is to monetize this service.

A recent essay by David Zikusoka makes this observation:
"..... AI has enabled the teaming of humans and machines, with computer algorithms rapidly sifting through data and identifying relevant pieces of information for analysts. 

Private satellite-launching companies such as SpaceX and Rocket Lab have leveraged these technologies to build what are termed “megaconstellations,” in which hundreds of satellites work together to provide intelligence to the public, businesses, and nongovernmental organizations. These companies are updating open-source, planet-scale databases multiple times per day. Some of these companies can deliver fresh intelligence from nearly any point on the globe within 30 minutes of a request."

On the risk register
This stuff needs to get on the risk register.
So, first balloons, then the occasional overflight, more recently drones, and soon to come 'constant stare'. 

When constructing the risk register, and considering the time-sensitivity of proprietary project information, take into account that others may be observing, measuring, and analyzing right along side your project team.




Like this blog? You'll like my books also! Buy them at any online book retailer!

Monday, March 11, 2024

Help coming: IT Risk Management


Risk Management in IT projects 
For years (a lot of years) IT companies have been paying bounties to hackers to find vulnerabilities in target IT systems and report them to bug fixers before they become a business hazard. This bounty system has worked for the most part, but it's a QC (find after the fact) rather than QA (quality built-in) approach, somewhat of necessity given the complexity of IT software systems. 

Enter AI agents
Now, of course, there is a new sheriff in town that aims more at QA than QC: AI bug detectors based on the large language models (LLM) that can be deployed to seek out the bug risks earlier in the development and beta cycles.

But the idea is summarized by Daniel Miessler this way:
The way forward on automated hacking is this: 1) teams of agents, 2) extremely detailed capture of human tester thought processes, lots of real-world examples, and time. I suspect that in 2-5 years, agent-based web hacking will be able to get 90% of the bugs we normally see submitted in web bug bounties. But they’ll be faster. And the reports will be better. That last 10% will remain elusive until those agents are at AGI level.

Zero Trust
CISA, the nation's cyber-defense agency, is continuing its 'zero trust' IT systems imitative, now with an office dedicated to the program. Some of the program details are found here, including information about the Zero Trust Security Model.

 


Like this blog? You'll like my books also! Buy them at any online book retailer!

Thursday, March 7, 2024

Redesigning the "Meeting"


From Connor Grant at the WSJ:
The traditional business meeting is changing; the 'pandemic' made me do it!
Here is Grant's reporting -- somewhat abridged -- on changes now in place and expected to come:
1. More office meeting rooms will have high-tech equipment such as holograms, virtual reality and other immersive technologies that allow remote workers to feel like they are in the same room as their in-office colleagues ....

2. Employers will conduct walk-and-talk meetings outside, reducing the amount of time spent looking at—or being distracted by—screens. 

3. Managers will "pregame" meetings by asking workers to add thoughts, ideas or feedback to a shared meeting document at least a week in advance. 

4. Some companies will have once-a-quarter retreats at hotels or co-working spaces

5. Businesses will use mixed-reality tools to supercharge premeeting preparation ... [and] receive real-time feedback when they practice presentations or conversations.



Like this blog? You'll like my books also! Buy them at any online book retailer!

Sunday, March 3, 2024

Some Big Words about the Risk Register


Every PMO plan includes some form of risk management, and a favorite way to communicate risk to your team, sponsors, and other stakeholders is the (ageless) risk register.

So much has been written about the ubiquitous risk register, it's a wonder there is anything more to be said. But here goes:

In simplest terms, the risk register is a matrix of rows and columns showing the elements of expected value:
  • Rows identify the risk impact and give it some weight or value, which can be as simple as high, medium, or low. But if you have information -- or at least an informed guess -- about dollar value, then that's another way to weight the risk impact value.

  • Columns identify the probability of the impact actually occurring. Again, with little calibrated information, an informed guess of high, medium, or low will get you started. 

  • The field of column-row intersections is where the expected value is expressed. If you're just applying labels, then an intersection might be "high-medium" row by column. Statistically you can't calculate anything based on uncalibrated labels, but nonetheless the "low-low" are not usually actively managed, and thus the management workload is lessened.
But, there is more to be said (Big words start here)
Consider having more than one matrix, each matrix aligned with the nature of the risk and the quality of the information.

White noise register: One class of risks are the so-called "white noise" risks which are variously called stochastic or aleatory risks; they have three main characteristics:
  1. They are utterly random in the moment, but not necessarily uniformly or bell shaped in their distributions.
  2. They have a deterministic -- that is, not particularly random and not necessarily linear -- long-term trend or value. Regression methods can often times discover a "best fit" trend line.
  3. Other than observe the randomness to get a feel for the long term trend and to sort the range of the "tails", or less frequently occurring values, there's not much you can do about the random effects of "white noise"
Aleatory risks are said to be "irreducible", meaning there is nothing about the nature of the risk that can be mitigated with more information. There are no information dependencies.

Epistemic risks are those with information dependencies. Epistemic risks could have their own risk register which identifies and characterizes the dependencies:
  • Epistemic risks are "reducible" with more information, approaching -- in the limit -- something akin to a stochastic irreducible risk. 
  • An epistemic risk register would identify the information-acquisition tasks necessary to manage the risks

Situationally sensitive Idiosyncratic risk register: Idiosyncratic risks are those that are a peculiar and unique subset of a more general class. Idiosyncratic risks are unique to a situation, and might behave differently and be managed differently if the situation changed.  And so the risk register would identify the situational dependency so that management actions might shift as the situation shifts.

Hypothesis or experiment driven risks are methodologically unique. When you think about it, a really large proportion of the risks attendant to projects fall into this category. 

With these types of risks we get into Bayesian methods of estimating and considering conditional risks where the risk is dependent on conditions and evidence which are updated as new observations and measurements are made.
These risks certainly belong on their own register with action plans in accord with the methodology below.  The general methodology goes like this:
  • Hypothesize an outcome (risk event) and 
  • Then make a first estimate of the probability of the hypothesized event, with and without conditions.
  • Make observations or measurements to confirm the hypothesis
  • If unconfirmed, adjust the estimate of conditions, and repeat until conditions are sufficiently defined to confirm the hypothesis
  • If no conditions suffice, then the hypothesis is false. Adjust the hypothesis, and repeat all. 
Pseudo-chaotic risks: These are the one-off, or nearly so, very aperiodic upsets or events that are not stochastic in the sense of having a predictable observable distribution and calculable trend. Some are known knowns like unplanned absences of key personnel. 

Anti-fragile methods: Designing the project to be anti-fragile is one way to immunize the project from the pseudo-chaotic risks. See my posts on anti-fragile for more.

Bottom line: take advantage of the flexibility of a generic risk register to give yourself more specificity in what you are to manage.



Like this blog? You'll like my books also! Buy them at any online book retailer!

Thursday, February 29, 2024

Responding to an RFP .... Steps1 and 2


Are you a proposal leader tasked with responding to a competitive RFP?
  • An RFP from a private sector customer or from the public sector?
  • And if from the public sector, local, state, or federal?
  • And if from the federals, defense or non-defense?
Every one of those customer groups will have their own style, culture, and constraining rules, regulations, and statutes. But even so, there are two steps, everyone must follow:

Step 1, Read the RFP
Step 1 is to read the entire RFP, but most particularly read the "instructions to offerors", or words to that effect. This seems like such an obvious first step that it does not bear mentioning, but actually it does because the devil is in the detail. 

Follow instructions
If you can't follow instructions as simple as how to submit the proposal, or worse: you are too lazy or arrogant to read and follow the instructions, then you've made an unforced error which could cast a pawl over you whole proposal. 

Take note of Customer dictates
Many submission requirements require "click to sign" certifications (which brings workflow and signature authority into the frame), and they require online submissions of content segmented by "attach here" this or that. Consequently, you may need a tool or submission facility that is not your norm. Action required to get the tools the customer uses!

Avoid disqualification.
Or, worst case, if you don't follow instructions, including "don't be late", you could be disqualified for an unresponsive submission. 

Step 2, Have an Answer for everything
Step 2 is build a tracking matrix (or table, or several tables by category) for every little thing that is in the RFP. Use the tracking matrix (or table) to organize and direct where in your proposal the customer is going to find answers. 

Don't disdain a customer's laundry list which looks like the customer just threw mud at the wall. Everything goes in a tracking matrix. Some of that mud has may have an influential sponsor; you won't really know who's looking for an answer, so answer everything. 

There are two objectives to be satisfied with these tracking tables:
  1. Assure completeness, which is part and parcel to your first demonstration to the customer of your appreciation of quality assurance.
    The customer will notice omissions more readily than inclusions.
    That is simple utility theory which posits asymmetry of value: the missing is more grievous than the satisfaction of inclusions.

  2. Make it easy for the customer to find the answers. A frustrated customer, looking here and there but not finding, or not finding easily, will take it out on your score.
    Making it easy are the easiest evaluation points you can earn. Don't give them away. 

    Remember this: If the customer can't find what they want in your proposal, it's not their fault!  (Corollary: If it's not their fault, then it must be yours!) You can't admonish them for not being able to read and easily digest your responses.



Like this blog? You'll like my books also! Buy them at any online book retailer!

Monday, February 26, 2024

Chief A.I. Officer


So it didn't take long. 
AI has invaded the C-Suite, the latest title being Chief A.I. Officer, aka CAIO.
The job description is partly directed at technology, partly directed at culture, and partly directed at functional impacts, like HR, recruiting, and intellectual property.

What does it mean to project management?
In the PMO, the CAIO is going to be there to help you! (I'm from HQ, and I'm here to help)
  • Safety and security: Every project's use or application of AI has safety and security on the project risk register or project agenda. Safety insofar as user's experiences are concerned re exposure to unintended content or performance or functionality. Security insofar as exposing user's to security holes for what seems like an ever expanding range of attacks.

  • HR effects: Predictions are that AI tools will be more threatening to white collar college educated professionals than Joe-the-plumber and other hands-on trades which are not robotic. So will you be under pressure to replace your favorite project professionals with an AI device?

  • Recruiting: What do you tell recruits about your project and enterprise culture re the oncoming AI thing? The fact is: whatever you say today is open to changes tomorrow. Stability and predictability in the job description is going to be a chancy thing.

  • Intellectual property: IP is the source of a lot of enterprise value. But in the AI world, who owns what, especially derivatives from "fair use". And, of course, the patent mess, and the local, state, and federal statutory baseline (admittedly, slow moving, but moving nonetheless; got to keep up!) 
Suffice to say: It's not your father's PMO anymore!


Like this blog? You'll like my books also! Buy them at any online book retailer!