Covestic leads and flawlessly executes security decentralization program for Fortune 500 company.

BUSINESS CHALLENGE
A Fortune 500 company wanted to transition their information security from a centralized organizational model into newly created decentralized teams. To do this, they needed to gain internal agreement for the security model that would be used moving forward, and then define and agree upon a transition plan that would enable a successful realignment of their security processes.

COVESTIC'S SOLUTION
This client engaged Covestic to lead the security decentralization program and to define and execute the security transition plan. A Covestic program manager aligned and led a program team of 12 core members and 22 extended members representing six distinct operating divisions. This team was responsible for defining and deploying logical security processes to six security teams that had responsibility for more than 5,000 users. The Covestic team began by working with company executives to define the new security model and the method that would be used to execute the transition. Covestic then led five new teams through their staffing, organizational, and operational setup, and developed a comprehensive training program that documented and transitioned logical security processes and established best practices.

Covestic drew from its experience with various project management life cycles and methodologies to piece together an approach that fit the program needs. The program was broken into four distinct phases, with deliverables defined that aligned with these phases and guided the project managers and analysts in early planning and risk management, and gates with simple exit criteria defined to achieve intermediate closure for the team and demonstrate phase-to-phase progress to executives and sponsors. These, together with fundamental project deliverables such as plans, schedules, status reports, and risk logs were tailored to the needs of this program. The team structure and deliverables were set up to address the people, process, and technology elements necessary to ensure success.

Covestic was drawing upon its program and project experience to bring structure and predictability to a type of program that is often run in a much less structured manner.

PROJECT RESULTS
The highlight of this program's deployment was an event in which the new teams gathered for one week to receive training from the program team. This event was flawlessly executed and characterized by our sponsor as solid training delivery by a team with clear command of the subject matter.

The new teams were all prepared to take on their new roles and demonstrated this through the pilot. Executives were confident in communicating that security responsibilities had transitioned - and that was the ultimate program objective.

THE COVESTIC ADVANTAGE
Covestic demonstrated that we can run solid, structured programs without requiring a predefined methodology. While standard methodologies are appropriate in many cases, sometimes they are not and it is important for a program to adapt so that unnecessary work is avoided while rational strategies and tactics are applied that will support the unique needs of a program.

Covestic also staffed a broad range of personnel onto the program team, including security architects, project managers, and a program manager, while receiving client compliments for achieving a higher hit-rate than competitors on its candidates. Lastly, the Covestic program manager was able to foster a cohesive team despite it being staffed by three competing firms.