PMI® Switzerland Chapter


Chapter Communications Blog

Event Report - How Project Managers Can Help Organizations Become More Agile - 14 June, Basel


Author: Brandon Satre, PMP

On Thursday, 14 June, our chapter hosted an event on how project managers can help organizations become more agile. Timm Urschinger, CEO and co-founder of LIVEsciences AG, presented on the topic at the Schützenhaus in Basel, and the presentation was followed by a very enjoyable networking apéro outside.

One thing that surprised me a bit, but perhaps not surprising to others, is that there is actually nothing new in such an approach to project management. This was Timm’s mantra throughout the presentation, so I thought it must be important enough to say here as well – Agile, it’s nothing new!

Some of the top challenges to adopting an agile method according to the 12th Annual State of Agile are organizational culture, general organizational resistance and inadequate management support. Hence, we have people like Timm driving the PM community to embrace agile concepts into their project management approach.


We saw firsthand how well agility fits in an environment filled with uncertainty. For example, we had a couple of live poll questions via our smartphones, and in one we were asked what we thought the biggest challenge would be in leading an organization in agile methods. After the answers started coming in, it was clear that most people just had no idea where to start. Then Timm announced that he would be adapting part of what he would talk about based on the top result. But suddenly the top result became “my leadership will never endorse agile.” And when the poll had ended (or so we thought), the top result switched yet again! Now either Timm planted people to purposely ensure a certain result would be at the top so that he could only make it seem like he would be adapting to the poll, or we were witnessing a truly agile phenomenon and an equally agile Timm.

In the end, we learned that the best way to get started with leading agile in an organization is to just start where you are. There is no magic formula. It helps to do some research on success stories, of course, such as Spotify’s agile “tribe” framework. Timm recommends having a north star to start with. Define the project purpose with your team and have a clear line of sight on your north star. Check out Patagonia’s success story in switching to sustainable cotton back in the 90’s. Consider assigning project roles with clearly defined responsibilities rather than limiting project responsibilities based on job title. Or why not draft up a project constitution so everyone is clear on expectations of each other? This can be tailored between specific individuals too. Finally…just try different approaches out (if you are in a position to do so). And don’t be afraid to fail.

“Winners are not afraid of losing. But losers are. Failure is part of the process of success. People who avoid failure also avoid success.” - Robert T. Kiyosaki

Message from the Board - July 2018


Author: Manju Bohra

Dear Colleagues and Members,

Hope you are doing well and looking forward to a good summer. I'm very much doing so...with my optimistic rosy lenses on and leaving behind torrential rainy weeks of June ….. I was almost thinking that somebody would need to call Noah back then!

With that hopefully behind us, allow me to give you an update on sponsoring. As you know, sponsorship is critical in lightening the cost pressure and allowing the chapter to maintain its high-standard events. Throughout the last quarter we invested some time with our sponsors to get their feedback on the value from sponsoring and how we could collaborate better in the future. It gives me immense happiness to tell you that our sponsors are very satisfied to build such a powerful and mutually beneficial relationship with us. I'd also like to take the opportunity to recognize the excellent work our Events team is doing; they have a big hand in keeping our sponsors happy too.

During the last two board meetings we scheduled workshops with our Communications team to understand our members better, i.e. which industries they come from, their geographic locations and their interests. In this way we hope to provide a customized communication platform and services to our sponsors and members.

We are working hard to understand our stakeholders' needs at different levels, and how we could define specific KPIs and provide a way to meaningfully measure returned value.

In closing, I'd like to thank our sponsors for their support and close collaboration, which enable us to bring quality events to you. PWC merits special mention as they are our Platinum sponsor and are continuing their support for the second consecutive year. PMI is very thankful to our Gold Plus and Gold sponsors who have been committed to supporting the chapter for the past many years.

I wish you a wonderful summer and a fun filled holiday period.

Warm regards,

Manju Bohra

VP Sponsoring

PMI Newsletter feedback

Tell us what you think!!


Author: Daniel Rodellar, PMP and PMI Newsletter team

Dear Members and Newsletter Subscribers,

Could you please give us feedback on the Newsletter format and content by pressing on one of the faces below:

  • Red for "Improvements are required"
  • Amber for "It's okay but could be better"
  • Green for "It's great!"




The Newsletter team

Editorial June 2018 Newsletter


Author: Carlos Martinez Arteaga, PMP

Dear Members and Newsletter subscribers,

I am lucky to have 3 little kids in my life, all under 6, all irradiate happiness, all full of life, all empty and fill my batteries at the same time...

For those who have kids, it is well known that the day they arrive, a part of us suddenly goes away. Also suddenly we do not have just one shadow, but two!

My kids have molded the way I now am, they have made me a caring person, to put myself in other people's shoes, they have even been able to make me realise that if it takes 5 minutes longer to drive to our destination, it is fine, as long as we get there... and that never again being on time is also fine.

I have become more patient, I might be able to do something quick, but others might be doing that for the first time, like children, and this I have realised through them.

I have also become aware that I have to stand more for what I say, and therefore I have to think of what I tell my kids. Whatever I might say will be considered as totally true, "Dad can't be wrong, he is Dad!!". I have always stood for what I have said, but now more than ever, I have to live up to it, as if not I will be immediately reminded of what I said...

A kid will show you that it is ok to be friends the second after you fight, that a friendship is stronger than any dispute..., and that no matter how angry you might be, with a few words that anger will vanish away.

Finally, children will make you realise that you too have a dad and a mom, and if they are still around, you will realise what they have gone through to get you where you are today, and how proud they surely feel about you... just like you are of everything your kids achieve!!

I leave it with my favourite quote from Antoine de Saint-Exupéry : "The most beautiful things in the world cannot be seen or touched, they are felt with the heart".

Sun is life, especially for kids!

Take care.



How to build your cyber resilience


Author: Daniele Pinto, PMP



Figure 1 Source

The recent issues with Facebook and Twitter highlight that building a strong cyber resilience management system is not easy. We have seen that such a system involves both technical and human aspects.

The scope of this article is to provide a brief overview of cyber resilience management in private organizations and public offices. Let's take a step back and start with the basics.


Some years ago, we could have thought about cybersecurity as something related to preventing unwanted access to information within the fence of a company. Hence, preventing non-authorized people from accessing company information systems has historically been a “job” for IT personnel. In today’s world the situation is more complicated. Think about BYOD (Bring Your Own Device), or the possibility to cooperate with partners and suppliers. The borders are so extensive that decision makers should no longer ask "if" an incident may happen but "when" it will happen and “how” the system will be able to detect it and quickly recover. Hence, today we talk about cyber resilience as a wide concept that goes beyond IT. Companies and public offices need to establish a management system with a balance of both preventative and persuasive controls along with recovery and repressive controls. Like every management system, it should include IT/IS infrastructure, organizational management, physical infrastructure management, supplier management, partner and customer management.

Cyber resilience management system

There are several standards and best practice collections that can help an organization design its own cyber resilience system. For example:

  • The ISO 27000 set of standards
  • NIST (National Institute of Standards and Technology), cybersecurity section
  • COBIT 5

Most cyber security controls are related to IT, so a best practice would be to align the cyber resilience management system with the one already established. The most recognized standard for IT service management is ITIL (Information Technology Infrastructure Library). Axelos, the company that manages it, has developed this approach with the new certification path called "Resilia, Cyber resilience best practices". This article is based on that approach.

If you are new to ITIL, these are the five steps to manage the lifecycle of a generic IT service:

  • Service strategy: the first step is to define the strategy
  • Service design: then the service is designed
  • Service transition: change management processes take place; among other activities, there is the handover to the operations team
  • Service operations: here all controls are in place and managed by the operations team
  • Continuous improvement: this is where the actual service is reviewed and improved


Service strategy

The strategy definition of a cyber resilience management system is something that the CSO (Chief Security Officer) or the program manager needs to develop with senior management and executives. The first step is to gather the requirements and therefore to set the foundation that explains “why” the organization needs such a control system. Here you need to answer other questions including the creation of the mission and vision for cyber resilience.

The output should be the implementation of company policies, people awareness, and governance that includes, for example, the financial side of implementing the cyber resilience management system.


Service design

This is the phase where the strategy becomes tangible because it is when the team designs the new controls. The scope of work includes:

  • Business processes
  • Physical system (e.g. access control, endpoints like computers and mobile phones)
  • IT systems and processes
  • An organization with roles and responsibilities
  • Company culture towards cyber resilience 

A gap analysis should be done to understand the current situation and the desired status to achieve. The ISO 27001 standard could help with its checklist of 114 points. There are many areas in the organization to consider, for example:

  • Employment process through the life cycle, from hiring to termination
  • Supplier management
  • Data management (e.g. data access, data modification, data storage, data transmission)
  • Business continuity

Where the IT services need to utilize XaaS type of resources, a useful source of information would be the Cloud Security Alliance.

The deliverables of this phase are the design of the services/controls that will transition into production.


Service transition

The scope of this phase is to introduce the designed controls into the operational environment. Hence, change management plays a significant role in these activities. Attention should be given to avoiding business disruption during the transition phase; risk management will help with this. The deliverables are:

  • Configuration management, including change management
  • Testing, including penetration testing
  • Documentation
  • Training

At this stage, the test protocol should provide feedback about the expected performance.


Service operations

Once the controls are in place to protect the organization, the operations team takes care of the day-to-day business. An incident and problem management system together with a request fulfillment system should be in place. The organization manages several types of controls, for example:

  • Preventative controls (e.g. user access controls)
  • Detective controls (e.g. logs)
  • Corrective controls (e.g. backups)
  • Deterrent controls (e.g. terms and conditions in the employment contract)
  • Reductive controls (e.g. recovery plan, configuration management system)
  • Repressive controls (e.g. IDPS - Intrusion Detection and Prevention System)
  • Compensatory controls (e.g. built-in redundancy)

One of the tasks for the technical team is to monitor the access log files and the network traffic. The level of detail in the access logs should differ between a normal user and a superuser, because the latter can normally cause greater damage to the organization. Another aspect to consider is that organizations are no longer isolated (e.g. process integration with suppliers, e-commerce portal). Hence, a good practice would be to terminate all external connections in a “demilitarized zone” that hosts public information, and then to allow access to the core network only through a firewall that screens traffic.
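To make the point about log detail concrete, here is an added example (not part of the original article) of a log review that keeps a full action trail for superuser accounts while only raising threshold alerts for normal users. The log format, account names and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed "time user role action target" format.
SAMPLE_LOG = """\
2018-06-14T08:01:12 alice user login_ok workstation-12
2018-06-14T08:03:40 bob user login_failed workstation-07
2018-06-14T08:03:44 bob user login_failed workstation-07
2018-06-14T08:03:49 bob user login_failed workstation-07
2018-06-14T09:15:02 root superuser login_ok db-core-01
2018-06-14T09:16:30 root superuser config_change db-core-01
2018-06-14T09:17:05 root superuser log_cleared db-core-01
this line is malformed
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (user|superuser) (\S+) (\S+)$")
FAILED_LOGIN_THRESHOLD = 3  # assumed value; tune to the organization's policy


def review(log_text):
    """Return a report with different detail per role.

    Superusers: every action is kept, in order, for individual review.
    Normal users: only accounts reaching the failed-login threshold are listed.
    Lines that do not parse are kept so gaps in the log are visible.
    """
    failed = Counter()
    report = {"superuser_trail": [], "user_alerts": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            report["unparsed"].append(line)
            continue
        ts, user, role, action, target = match.groups()
        if role == "superuser":
            report["superuser_trail"].append((ts, user, action, target))
        elif action == "login_failed":
            failed[user] += 1
    report["user_alerts"] = sorted(
        u for u, n in failed.items() if n >= FAILED_LOGIN_THRESHOLD
    )
    return report


if __name__ == "__main__":
    for section, entries in review(SAMPLE_LOG).items():
        print(section, entries)
```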

Continuous improvement

A cyber resilience management system needs to stay aligned with changes in technology and the business environment (e.g. BYOD). A good practice would be to make a quarterly review of the system and to plan audits (internal and/or external). The sources for improvement opportunities can be the incident log, user surveys, or audit reports. Continuous improvement processes can follow the PDCA (Plan Do Check Act) lifecycle and aim for a maturity level according to a model such as CMMI (Capability Maturity Model Integration).


Cyber resilience is a new way of thinking about cybersecurity. It is no longer a question of "if" but "when" an attack will happen. Hence, the system should be designed to balance the preventative controls with detective and recovery controls. The system should be designed with respect to “how” the organization can quickly recover after the detection of an incident. Cyber resilience is no longer an issue bounded purely by IT within the “walls of an organization”; it also affects employees, suppliers, and partners. Therefore, it is important to plan effective communications, create awareness among the stakeholders and manage risks holistically.