There is an old saying that ‘An Englishman’s home is his castle’ which if we now adjust for political correctness probably applies to every gender and every nationality. Most people would probably like to live in a nice place and be warm, comfortable and safe.
In the UK and indeed around the globe there are hundreds of TV shows on the subject of home improvements, DIY projects and how to make your garden look great. All presented by people with great talent and produced to inspire idiots like me who actually think we could do the improvements they suggest ourselves.
I don’t think I am totally useless however, I am good with a sledge hammer but rubbish with bricks and mortar, great at digging things up but rubbish at planting so I can demolish things but not build them. That’s why we have expert tradespeople to help us.
Let’s also be honest in the fact that the majority of us don’t have the eye of a good designer or architect – these are seriously gifted and talented people who either have a natural talent or have studied hard to get where they are. My wife is good with colours – I like what I see but can’t imagine it before it has been put in place. Designers are weird but gifted.
One of my favourite shows and very popular is ‘Grand Designs’ presented by a great designer Kevin McCloud. Kevin has an eye for architecture, design, colour and a great stage presence which makes him the great host he is. As much as I love Kevin, the programme itself intrigues me.
If you don’t know it – give an episode a go (they are on pretty much 24/7 across hundreds of channels) but the general premise is that a general nobody (member of the public) wants to either build or re-develop the house of their dreams and has a considerable amount of time and money for the project. Considerable but not infinite. The show takes us through the various stages of the project – which invariably ends up over budget, way over time and results in serious marital strain, divorce or oddly enough the couple managing to have a baby whilst shacking up in a draughty caravan on a building site for 2 years.
I use this TV programme as the basis for an exercise I do in my classes. Its called ‘Grand Design’ and I get the delegates to write a list of things that they would want in their Grand Design – where money and time are no object. Give it a go now. Close your eyes and think about your dream house – what would you have in it?
Invariably the results are the same and include things like – a big kitchen, multi-media room, 10 bedrooms, swimming pool, nice garden, double garage, nice views etc.
And so we set off to build this house – with the people paying for it at the heart of the project (the users of the house).
Some users think they can Project Manage. How hard could it be? These are the ones who normally end up divorced, penniless and generally unhappy with the project results.
So what are the stages of a project?
First of all they will need an Architect. The best ones are the ones who charge a big fee but know what they are doing. They also look at the list of ‘wants’ that the users have put together and invariably sigh and tell them what they can and can’t have. There are laws, regulations and standards which have to be met and also it may not be structurally possible to pull off some of the users wishes. Good architects know these things – users don’t consider them in their plans.
Once the users have agreed the changes – it passes to a Developer. Good developers are expensive and cheaper alternatives are available so you have to weigh up the cost against the risk. Some developers will use sub-contractors to do certain parts of the work and again these vary in cost and risk. The users may or may not control the supply chain of sub-contractors but have an agreement with the developer that covers their work (fingers crossed). Developers know how to dig foundations, build walls, put on rooves and generally stick to the plan but invariably they come across ‘stucks’ in the design and have to negotiate changes with the user. Which the user must agree. The user has no idea how to build a wall or re-position a toilet so they have to trust the developer.
Changes in the project often mean time and money.
Towards the end of the planning, designing and development of the project we have the final fix. This is where things are tweaked and tested to make sure they meet the specifications (or as close as possible). You have seen it – turning the lights on and off – check, flushing the toilet – check, sniffing for gas leaks – check – and so it goes on. There is a sign off sheet somewhere which probably involves an awkward looking dude in a suit, hard hat, hi-viz jacket and a clipboard. They audit stuff.
Eventually the users take control of the house and move in.
Sometime after using the house the users will find snags which will need fixing. A good contract means that the developer will come back as part of the agreement and fix anything that is faulty or not as planned. It might need the dude in the suit again, but it might not.
Several years down the line the users of the house want to upgrade or update the house and so a new project starts with the architects, developers and auditors and off we go again. It’s just one big cycle of development and change management.
In the whole cycle there are a variety of methods that can be used and architects, developers, auditors and users are all involved in the meetings, discussions and agreements. It’s like a good dance – it doesn’t matter if you waterfall, spiral or are more agile, as long as the final dance looks good and nobody falls over – the end results are great and nobody is going to judge which method you took to achieve great results.
This is how a project works.
But hold on.
Now imagine the scene after months or years of the Grand Design Project, remembering that several hundred thousand or millions of pounds/dollars/euros have been invested into the house, for the couple to come home one day to find out that they have been robbed and this is not the first incident of this nature.
After reporting the security incidents to the police, the local crime prevention officer informs the users that it is a bad area for crime and they were surprised that anyone wanted to build a house here. (That might be why the land was so cheap!?).
The locks on the doors are not sufficient, you have no CCTV system in place to detect or deter intruders, you have windows which look fantastic and let in lots of light but offer little protection from a hammer. The size of your house, the double garage and swimming pool are signs of wealth and attract ‘the wrong type’. You have more back doors than you can shake a big stick at (another less well known saying).
The crime protection officer asks “did you not consider the security of your home when you built it?” and “here is a leaflet which will advise you on the type of security you can fit”. We learn a lot post-incident – hindsight is a great thing.
This may mean a redesign, more time in the caravan, this definitely means more money. Why did we not consider security by design? It would have been far cheaper in the long run and I wouldn’t now need to explain myself to the person who holds the purse strings.
Why did we not consider the threats or the overall risk to our fancy new house? The architect should have picked it up, the developers will work to a plan and may make suggestions but often not. The developers may actually by-pass security just in case they need to come back and re-jig something. Auditors had a check list but not for security.
We tested the light switches and the central heating system but we didn’t test the alarm (because we didn’t think we needed to).
In my classroom exercise (and check your list) – even though I will be teaching a subject around security, very few delegates put any security features into their Grand Design. Why would they? Users are focussed on the end result of the project and how warm and comfortable they will be. It is somebody else’s job to think about security by design.
Invariably that somebody else sits higher up the food chain in the Project.
An Englishman’s home is his castle. A castle is a secure dwelling which is built to protect the inhabitants from the threats of that time. Castles that have stood the test of time are the ones which were secure by design, well maintained and patched and the defences are tested and updated often.
It’s very important to be comfortable in your castle but comfort should not come at a cost of risk. Your network should be a comfortable, warm and cosy place to work. But all those fancy extras that we like to layer in such as applications, smart devices and appliances come with a risk attached. Nothing is going to be 100% secure, there is a difference between a castle and a fortress but design, development, project management and auditing are all things which when done well can protect you well into the future. Invest in these and you won’t regret it.
Unless a dragon turns up. But likelihood is a key part of risk!
