Using OKRs to Create A Cybersecurity PMO
What if you are a leader tasked with starting a new part of the organization, but you are feeling overwhelmed about where to start? Think of all the different tasks that need to be taken care of, the coordination, the communication, etc. The hard part is determining what the team needs to focus in on to drive change. OKRs can be the best solution for providing structure when there is a lack of focus, or the task feels daunting enough that it may even create inertia.
In fact, a past client was tasked with establishing the organizations first cybersecurity project management office. This client had experience with running projects, but not with all the details for overseeing the implementation of such a large effort or a new part of the organization. The executive leadership team realized that they needed to have this team and process set up quickly due to the regulatory requirements that needed to be met.
Unfortunately, there was not a clear path for how the Cybersecurity PMO was going to be set up. There were simply too many items to take care of and not enough time to complete them. The client needed a straightforward approach to help drive the change that was needed. Implementing OKRs was one way that would help them accomplish this. The approach that was used to develop their very first set of OKRs was to ground the client in their definitions and purpose. By first going through a quick OKR 101 with them, I ensured that everyone was on the same page regarding definitions, what they are not and how they are supposed to be used.
Below are the high-level steps that can be used for implementing a 1st iteration of OKRs especially when you are building out a team:
· Clarity on OKR definitions and what they are not
· Understanding OKRs vs KPIs
· Align on company strategy and critical objectives from leadership
· Brainstorm possible objectives
· Prioritize and align on top objectives
· Determine which ones are critical vs aspirational
· Brainstorm possible key results for each objective
· Prioritize and align on key results
· Review and evaluate confidence level of OKR linkage to business strategy
· Communicate the OKRs to critical stakeholders
The most critical aspect of this approach is to prioritize the objectives and key results. The beauty of OKRs is that they not only align the team but provide clarity on the work that needs to be done. The client benefited from this approach first due to its relative simplicity, but also because it took out the clutter of things to do. Not everything can be done all at once. In fact, many times I have seen other clients take on too many tasks only to make little progress. In the case of this client, they were building the team and thus had few resources to implement the work. Thus, it was imperative that they kept the number of Objectives to the minimum of three. It’s not to say that the other objectives they brainstormed were not important. In fact, many of them were, but I challenged them to think about whether they had the capacity to complete them and if they were necessary at this time.
The client wanted to take on everything all at once, but with using a more thoughtful and pragmatic approach, they were able to stay focused and achieve the establishment of their new Cybersecurity PMO. What they were also left with was the ability to continue using the structure that was put in place to continue to drive change within their organization. The team also took away several other learnings from executing this approach:
· Keep the approach simple
· Focus on what’s most important
· Go with the least amount of Objectives and Key Results
· Parking lot your remaining Objectives and Key Results for use later
· Review to understand what worked and what didn’t
OKRs can clearly help teams drive change and focus on the work that matters while also ensuring that they stay aligned with the organization’s strategy. They keep teams moving toward the things that matter, but they also provide a mechanism for evaluating what worked and what didn’t. OKRs are not about seeking perfection, but to move teams in a way that drives progress while also continuously evaluating what they should be focused on. If your team needs to drive change, think about incorporating OKRs into your daily work or reach out to Optima Workflow Consulting to help facilitate.
