Dradis Course: Lesson 6

Archiving and backing up your projects

In today's lesson, we're picking up where we left off in Lesson 3 and are going to cover how to generate an archive containing all your project data (Issues, Evidence, screenshots, notes, etc.).

After each mission, you need to prepare your Dradis CE unit for the next engagement. This means you'll have to clear the attachments folder and the database and start a new project (hopefully using one of the project templates we built the other day).

Worried about losing the data from your last project? Don't be! There is a convenient way to download all the project info currently stored in Dradis onto your local workstation before you start deleting:

  1. Click Export results in the header of Dradis.
  2. Select the Save and restore project information tab.
  3. Finally, choose Package and click the Export button.

Your browser will prompt you to save a file archive to your local workstation. This .zip file contains the entire folder structure along with attachments and some configuration. It also contains copies of any scans you've uploaded during the project (you never know when those can come in handy!). Because it holds every finding and raw scan from the engagement, treat the archive as client-confidential data and keep it on encrypted, access-controlled storage.

Should you ever need to load this information back into your Dradis unit, start by creating a new empty project and then:

  1. Click Upload output from tool in the top navbar.
  2. Select Dradis::Plugins::Projects::Upload::Package
  3. Select the project package archive (dradis-export.zip) from your local system

Apart from freeing up space in your Dradis unit for the next project, project packages are useful for keeping an audit trail of what you did in each project. They're also helpful in case you're asked to perform a re-test of an older project down the line. Of course, they also help you stay compliant with fleet regulations mandating that each ship run a healthy backup program (and keep those backups off-site, in case of hardware failure of the onboard systems).

You know as well as I do that security assessments are not all hacking and rainbows. There are expenses, deliverables, and scoping authorizations. Over the years we've found that creating a simple system for archiving your project-related information can go a long way towards helping you find it if the need should ever arise in the future.

Archive your project-related information with project folders

Inside the project folder, create subfolders for each area:

  • expenses/ - track any expenses associated with the project like team member expense claim forms, plane tickets, equipment, etc. Chances are, these will be processed elsewhere. But you don't want an auditor or your accounting team to enquire about this at the end of the quarter, only to find out that a crew member who left your ship 4 rotations ago never sent in the expense claim forms.

  • findings/ - a great place to store your Dradis project package!

  • report/ - the deliverable. It’s useful to have it in the shared repository in case the client re-requests it further down the line or a re-test comes up when the original team is not available.

  • scope/ - scoping information, questionnaires, letters of authority, etc. This folder should contain everything the team needs to hit the ground running on Day One.
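As an added example (not code from the Dradis project or from the original lesson), the script below automates the two procedures above: it files a downloaded dradis-export.zip under findings/ in the expenses/findings/report/scope folder layout, refuses packages that are not readable zips (so you don't wipe Dradis only to discover the backup was truncated), and records a SHA-256 manifest that can be re-checked on the off-site copy later. The project name and the sample package contents are constructed placeholders; nothing about the internal layout of a real Dradis package is assumed.

```python
"""Archive a Dradis project package into a per-project folder with an integrity manifest.

Added example for the lesson; it is not part of Dradis. The only thing it assumes
about the export is that it is a zip file, which is what the lesson describes.
"""
import hashlib
import json
import shutil
import zipfile
from datetime import datetime, timezone
from pathlib import Path

# Subfolders from the lesson's project-folder layout.
SUBFOLDERS = ("expenses", "findings", "report", "scope")


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256; packages with many screenshots can be large."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_package(package: Path) -> list:
    """Refuse to archive anything that is not a fully readable zip. Returns member names."""
    if not zipfile.is_zipfile(package):
        raise ValueError(f"{package} is not a zip archive")
    with zipfile.ZipFile(package) as zf:
        bad = zf.testzip()  # CRC-checks every member; None means all are intact
        if bad is not None:
            raise ValueError(f"corrupt member in {package}: {bad}")
        return zf.namelist()


def archive_project(root: Path, project: str, package: Path) -> Path:
    """Create <root>/<project>/{expenses,findings,report,scope}/ and file the package under findings/."""
    members = check_package(package)  # validate before touching the filesystem
    project_dir = root / project
    for name in SUBFOLDERS:
        (project_dir / name).mkdir(parents=True, exist_ok=True)
    dest = project_dir / "findings" / package.name
    shutil.copy2(package, dest)  # copy2 keeps the original timestamp
    manifest = {
        "package": dest.name,
        "sha256": sha256_of(dest),
        "members": len(members),
        "archived_at": datetime.now(timezone.utc).isoformat(),
    }
    (project_dir / "findings" / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return project_dir


def verify_project(project_dir: Path) -> bool:
    """Re-hash the stored package and compare with the manifest (run this on the off-site copy too)."""
    manifest = json.loads((project_dir / "findings" / "MANIFEST.json").read_text())
    package = project_dir / "findings" / manifest["package"]
    return package.exists() and sha256_of(package) == manifest["sha256"]


def make_sample_package(path: Path) -> Path:
    """Constructed stand-in for dradis-export.zip so the example runs offline."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("sample/notes.txt", "constructed sample content, not a real export")
    return path


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        pkg = make_sample_package(tmp / "dradis-export.zip")
        project = archive_project(tmp / "projects", "example-project", pkg)  # hypothetical name
        print("archived to", project, "- verified:", verify_project(project))
        # Simulate bit-rot or a tampered off-site copy: verification must now fail.
        (project / "findings" / pkg.name).write_bytes(b"garbage")
        print("after tampering, verified:", verify_project(project))
```

Run it on a real export with `archive_project(Path("/srv/projects"), "client-2024-q3", Path("~/Downloads/dradis-export.zip").expanduser())` (paths are illustrative); copy the whole project folder off-site and run `verify_project` against that copy before you clear the Dradis database.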

As you know, here at the Academy Training Committee there is a strong commitment to Excellence. While the following section is not mandated by fleet regulations, we encourage all of our Dradis operators to consider embracing it.

End-of-project review

Most crews out there will be running projects back-to-back without a lot of time between them to think about ways to improve and become more efficient. I know, budgets are tight and qualified personnel are scarce. However, there is a quick win that takes an additional 15 mins per project and will have a significant impact on results.

A simple "End-of-project review" spreadsheet with 3 columns and a new row per project should be enough to start gathering your end-of-project review data. The columns:

  • Scoping: Was this project correctly scoped? Did it take too much time? Were there too few people involved?

  • Lessons learned: Did you do something that caused a little disaster? Or, did you do something that had unexpected positive impact on the project or the client’s perception?

  • New tech: Did the project involve any technologies that you were not familiar with? Where did you find the information about those technologies?

As the old management adage goes: "if it doesn't get tracked, it won't improve." If your sales or account management team consistently get the scope wrong, you need to gather this data and let them know. If a new technology is becoming more popular among your client base, you need to start putting together a methodology for testing it.

Pay special attention to the "Lessons learned" column. Make sure you note everything that worked well (and not so well) and feed this information back to your manager. Or, if you're a crew of 1, take some time every month to review it. Tracking what worked and what didn't for each project is the surest way to ensure you'll be a lot more satisfied with the results you're generating in six months' time.


Today's homework is going to help you close out the course and put into practice what you've learned so far. The next, and final, lesson is meant to help you see WHY this approach to minimize time wasted in repetitive tasks is better for you, your clients, and the health of your organization.

If you don't complete any other worksheet, please try to complete this one. It will help you think through what your next steps are, and give me the opportunity to help you personally.
