Practical Software Measurement

Victor Fuster's blog

Building Better Cybersecurity Through Parametric Estimation

Estimating Cybersecurity

This post was originally published on LinkedIn. Join the QSM LinkedIn Group and Company Page to stay up-to-date with more content like this.

Despite the best efforts of federal agencies and the near-constant media coverage of threats, most government cybersecurity initiatives remain reactive. Once a threat is detected, agency teams typically scramble to identify the source of the intrusion and take necessary steps to mitigate its impact. The nature of the business can make planning and, therefore, budgeting a seemingly impossible task.

Unfortunately, federal IT security professionals’ and program managers’ hands are tied, thanks to limited budgets and time. They worry about the costs and schedules involved in proactively creating a compelling cybersecurity program. Beyond that, they traditionally have not had the necessary tools to develop accurate estimates of what it will take to create these programs. They have been left only able to make educated guesses that leave them stuck in reactive mode.

Agency project managers need to be able to build and develop their cybersecurity systems just as they would a software project. They need accurate planning and estimation that will allow them to consider timeframes, appropriate staff, potential costs, quality, risk, and other key factors.

QSM’s Proven Estimation Approach Applied to Cybersecurity

Blog Post Categories 
Cyber Security

Staffing a Successful Estimation Center of Excellence

When an organization wants to proactively manage their software activities from inception through development and sustainment, an enterprise software estimation or acquisition Center of Excellence (COE) is a great solution.  A significant portion of our professional services business at QSM is helping companies design and stand up enterprise COE operations. 

There are three main components to a successful COE implementation.  They are:

  1. People – Finding people with the right characteristics and developing their skills;
  2. Business Processes – developing the right business processes to support decision making; and
  3. Tools – Acquiring and configuring analytical tools to support the business processes.

Our clients often ask us to identify the best characteristics and skills for a person that they plan to staff into a COE.  We went back and looked at our most successful implementations, and here is what we found.

Ideal Enterprise COE Skill Set:

Blog Post Categories 
Consulting Estimation

A Case of Software Data Collection

Television has done a fine job of glamorizing the job of an investigator.  Whether you fancy the classic Sherlock Holmes, the affable Columbo, or even perhaps enjoy the suspense associated with cracking the case on television shows like “The First 48,” Hollywood has tried to make us believe the search for clues is always exciting.  However, those who have searched thousand-row spreadsheets for software data collection efforts may beg to differ with that sentiment.  The needle in a haystack analogy may seem more fitting, if only the haystack was bigger!

Although most folks will never get the chance to track down a villain like Sherlock’s nemesis, Professor Moriarty, there still is a need in many professions to find “clues.”  In software estimation, those clues can be thought of as software project data. What information do I need to solve this software project estimation case and how do I obtain it? In that search for information, perhaps we can utilize some basic investigation steps to find the software data needed to produce good software project estimates. Honestly, why would one embark on the often daunting quest of collecting project data for future estimation without at least a basic approach?  Well, there are many reasons.  However, let’s focus on a way to proactively look at an approach using the analogy of an investigation.
