Typical EVM Delivery Challenges

Winning an assignment is an important milestone in a business cycle, but delivering it to the client's expectations is what brings repeat business and adds scope for diversification in length and breadth. Like any delivery unit in a classical IT organization, the Enterprise Vulnerability Management (EVM) group within TCS-ESRM faces the typical delivery challenges. I would like to state these challenges using a case scenario and bring to light the additional effort each individual in this unit had to put in, beyond the usual levels, to ensure a timely and appreciable result.
Consider a recent requirement from a global financial services major in the US geography that came to TCS with a plethora of applications across technologies to be security assessed in a short time frame. Because of market competition and the aim of achieving margins, stringent timelines were committed, which not only added to the pressure to deliver on time but also kept constant pressure on maintaining the same level of quality in the deliverables.
Since the client was prestigious and would be a new logo, TCS-ESRM called for deploying the right skillset to make an impact. The customer kept changing the start date of the assessment because of delays at their end. This led to the problem of managing and holding on to the right resources (the combination of the right security experts and tools at the right time). Budget inadequacy for procuring tools and a lengthy approval and procurement process added to the delay.
The client's expectation that the assessment be carried out from one of their captive units was another challenge. Mobilizing and setting up a team with a scarce skillset within a lead time of 2 weeks is never an achievable target these days. It took great effort to convince the client to accept an alternate delivery location, which involved allowing an independent security audit of the remote site and providing the requisite assurances of a secure assessment process.
As this was a grey box assessment, business workflow knowledge and inputs from the application team were required on a frequent basis. The assessment was carried out from an offshore location, whereas the application team was available during the US time zone, so a technical coordinator was required to bridge the communication gap. However, the lack of VISA-ready associates to travel to the US didn't help the cause. All communications to clarify doubts about the application functionality or issues had to be set up during late offshore hours.
Management of the EVM delivery by the account team resulted in additional work for the EVM team, such as agreeing to the client's demands for ad-hoc status reports without consulting the EVM SPOC, scheduling untimely calls at short notice, and sending multiple status updates to different stakeholders.
I believe that these challenges will keep repeating themselves in one form or another, so a proper governance model with an appropriate communication modality is the need of the hour for a smoother delivery process.
What do you think about the challenges discussed? Tell me your views on handling such situations.
Views by Somen Das

There is 1 Comment

A few strategies that come to my mind to handle such scenarios can be listed as:

1. We need to have VISA-ready associates, and for the same the higher management needs to be convinced of why we need such associates. Rather than waiting for the customer account team to sponsor the visa, we can check the feasibility of the same through ESRM accounts.
2. We should always have some expert resources ready for emergency situations who can at least guide newly trained or less experienced resources to take care of these scenarios, maintaining the same quality of security services.
3. We can aim at allocating ESRM EVM resources across the globe in order to handle issues like time zone problems.
4. We actively need to have a foolproof plan to tackle similar situations in future, in spite of making a case study (ppt) and keeping it in the repository.
5. We need to make our resources as well as the plan pressure resistant to handle such situations.
6. Small tokens of appreciation, not only from the client/customer but also internally from the team, will definitely create motivation among associates to proactively come out of their comfort zone and put in their efforts during offline hours with proper efficacy.