Richard J. Bocchinfuso

"Be yourself; everyone else is already taken." – Oscar Wilde

FIT – MGT5154 – Week 8

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

What are five problems within the case study?

  1. Fractured culture with poor interdepartmental and/or interdisciplinary communication and relationships.
    E.g. – Al Moody: “I’m getting complaints from the engineering and operations departments that they can’t get any priorities established on the work to be done in your group. What can we do about it?” (Kerzner, 2017, pp. 534)
  2. Lack of organizational alignment.
    E.g. – Ralph Gregg: “I set the priorities as I see fit, for what’s best for the company.” (Kerzner, 2017, pp. 534)
    It seems like Ralph Gregg might be making unilateral decisions on “what’s best for the company.” Ralph probably thinks that to fix things he needs control when in reality the organization would benefit from a leader who can deliver value and drive adoption of standards. Make the life of others easier, deliver value and answer the WIIFM (Links to an external site.)Links to an external site. question and the organizations starts to move in the same direction and the yield is exponential rather than linear.
  3. Empire building with a myopic departmental focus and bureaucracy as a means to maintain control.
    E.g. – Al Moody: “I’m more concerned about this closed shop you’ve developed for your department.” (Kerzner, 2017, pp. 534)
    “If engineering wanted a computer program written, it would now have to submit a formal request and then have the person requesting the program spend a great deal of time explaining the problem to the scientific programmer assigned to this effort.” (Kerzner, 2017, pp. 534)
    Ralph Gregg is using a process to maintain control, but approach this is not in the best interest of Jackson Industries.
  4. Employee morale, escalating animosity and no proposed solutions or path to a resolution.
    E.g. – Ralph Gregg: “because you people upstairs do not feel as though we contribute anything to company profits. (Kerzner, 2017, pp. 534-535)
    Al Moody: “Between you and me, all of your comments are correct. I agree with your concerns. But my hands are tied, as you know.” (Kerzner, 2017, p. 535)
  5. Motivation is viewed more as a result of ascribed authority where perform is mandated vs. self-motivated to contribute to an organizational objective.
    E.g. – Ralph Gregg: “You bet I do. Make me director and I’ll see that the work gets done.” (Kerzner, 2017, p. 535)

Does the creation of a MIS group solve any problems? Why or why not?

An MIS group could help by creating cross-department standards where MIS could enable innovation rather than trying to gate it. If MIS delivered shared services, documented standards, APIs, etc… MIS could become an enabler for engineering and operations. Rather than taking ownership of writing all the computer programs as a means to create consistency (Kerzner, 2017, p. 533) the MIS department focus would be on providing a framework that enables cross-department developers to write software while naturally adopting standards. In this case, MIS becomes a catalyst that increases the velocity of innovation rather than a gatekeeper which slows innovation.

An example of a documented standard could be as simple as the development of a template (Links to an external site.)Links to an external site. and style guide.  Or it could be a set of standard libraries that developers will use to access shared services. An example of this would be the AWS Boto 3 python library (Links to an external site.)Links to an external site..  The availability SDKs and libraries make life easier for developers and this indirectly drives standardization.

A central MIS team could also metric KPIs (Links to an external site.)Links to an external site. that would drive things like bonuses, merit increases, etc… If there are agreed upon standards, APIs etc… that will be used by engineering and operations MIS can own shared services in the CI/CD pipeline (Links to an external site.)Links to an external site.(Sai, 2016), these might include items such as version control, code review, and unit test. Metrics captured from these shared services would provide valuable insight and could drive organizational decisions.

MIS should become an enabler, not a gatekeeper within the organization.

What recommendations do you have?

  1. I just went through something similar regarding pay increases and job titles. I think in technical roles this can be a challenge for many companies, Jackson Industries is not unique. I would suggest a leveling system that decouples title from level, meaning that there is a clear income variance between levels but not explicitly tied to a title. Using a composite from an employee review and employee level should determine the pay increase. Increases should be objective and not subjective. If the metrics are clear, income increases should be straightforward and not open to conjecture.
  2. Establish a cross-departmental standards body to gather requirements, define and review standards. Not congressional hearings, but small two pizza groups (Links to an external site.)Links to an external site. (Connley, 2018) that can accurately represent stakeholders.
  3. Align departmental initiatives with macro-level business objectives. Executive management should work to help departments understand that individual department contributions do not deliver the desired outcome. For the organization to meet its goals, all departments need to work together to provide a result that is greater than any one individual or department. I would look at connecting compensation (stock, bonuses, increases) to the overall performance of the organization. Creating the connection between organizational performance and compensation can help drive behavior aligned with organizational objectives.
  4. Focus on solving problems elegantly not by single-threading the process. There are elegant ways to achieve and enforce standards without having to single-thread everything through one department. From a development perspective in 2018, this is insanity, the emergence of Twelve-Factor Apps (Links to an external site.)Links to an external site.(Wiggins, 2017) and microservices (Links to an external site.)Links to an external site. is the result of organizations needing developers to move faster. It was crazy to read Ralph’s Gregg approach to standardization. Automated code review tools like Codacy (Links to an external site.)Links to an external site.CodeFactor (Links to an external site.)Links to an external site.CodeIt.Right (Links to an external site.)Links to an external site., etc… can all automate ensuring that code meets standards.


Amazon. (2014). Boto 3 Documentation. Retrieved December 12, 2018, from

Codacy. (n.d.). Automated code reviews & code analytics. Retrieved December 12, 2018, from

CodeFactor. (n.d.). Let’s make software better. Retrieved December 12, 2018, from

Connley, C. (2018, April 30). Jeff Bezos’ ‘two pizza rule’ can help you hold more productive meetings. Retrieved December 12, 2018, from

Fvcproductions. (2015). A sample README for all your GitHub projects. Retrieved December 12, 2018, from

GitHub. (2016, July 15). Documenting your projects on GitHub. Retrieved December 12, 2018, from

Google. (2017, February 21). API Design Guide | Cloud APIs | Google Cloud. Retrieved December 12, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Sai, M. (2016, December 20). What is a Continuous Integration and Delivery Pipeline, and Why Is It Important? Retrieved December 12, 2018, from

SubMain. (n.d.). CodeIt.Right. Retrieved December 12, 2018, from

What are microservices? (n.d.). Retrieved December 12, 2018, from

Wiggins, A. (2017). The Twelve-Factor App. Retrieved December 12, 2018, from


Andrew, it’s been fun, but our time together is drawing to a close. 🙂
Comment/thought on your thought of shifting bonuses to be based on the project team and project performance vs. by a department. This is an area that I think so many organizations struggle with. If a department does well this does not necessarily translate into an organizational win if a project goes well this often does not translate into an organizational win, so what’s the difference? This is an aspect of performance management and incentive structures which I have been challenged by for years. I am a big fan of Geoffrey More and I believe deeply in Zoning to Win, but organizationally the metrics for the incubation, transformation, performance and productivity zone are very different but highly dependent. If those in the performance zone don’t execute well then those in the incubation zone have no funding to incubate, this can be very challenging because incubation is very different than performance. Performance is binary, selling and delivering what’s in the bag while incubation is intangible, visualizing the future and experimenting. In essence, the performance and productivity zones need to fund the innovation and transformation zones, while tangible returns are far less in the innovation and transformation zones, these zones are critical to ensuring that an organization is relevant tomorrow. This is well explained by Geoffrey Moore in the video I embedded below.

We’ve worked for years within my organization to try to solve this problem and in 2018 we implemented a variable performance compensation plan that we think did a pretty good job addressing it. The plan focused on incentivizing engineering resources to cross zones, making performance incentives about macro-level organizational goals rather than individual, departmental, project, or zone success. The model provides transparency to the goals from both a financial and runway perspective, as well as expected individual and departmental contributions. I think it’s really hard to be strategic and still be tactical, but both are critical to being able to operate a business which has to balance sustaining and innovating.

In addition to financial incentives, I think we need to look at new ways to increase employee engagement. Things like hackathons, innovations days, discretionary time, gamification, etc… We love ChaOps (Slack (Links to an external site.)Links to an external site. is our platform of choice) and we love HeyTaco (Links to an external site.)Links to an external site. for a public job well-done accolades and gamification. Getting people publically engaged has made a huge difference in how we operate, the other thing we have done is developed a sentiment analysis engine which analyzes Slack messages and determines the user’s sentiment, overlays the time of day, what they are working on, etc… to allow us to better manage employee engagement.

For me, it’s always about how to drive an organization to the “one team, one dream” culture, something that seems to be lacking at Jackson Industries, a systemic cultural issue that I am not sure an MIS department can or will solve.


Moore, G. (2016, December 07). GOTO 2016 • Zone To Win • Geoffrey Moore. Retrieved December 16, 2018, from

Moore, G. (2015, November 04). Zone to Win: Organizing to Compete in the Age of Disruption. Retrieved December 16, 2018, from


James, I enjoyed reading your post. Curious about your perspective of how the documentation of code is a “Computer Use Policy” issue? I agree that there should be a defined standard on documentation (e.g. – template (Links to an external site.)Links to an external site.), but does MIS posses the knowledge to create a template and the systems that engineering and operations value? I see this all the time, policies and decisions made that make no sense outside of skewed perspective and perceived simplicity. In a world where best-of-breed technologies with well documented and published APIs provide the ability to connect any system, the idea of moving to a monolithic application because “it’s easier to manage everything in one place” drives me crazy, yet we my organization just went down this path for two years, only to scrap the entire project, but not before spending millions on it.

Do you see the MIS department as a shared services organization who will create shared services which engineering and operations will want to consume or do you see MIS as an organization who will set, mandate and police standards? Should MIS be responsible for building and delivering information systems which deliver value to the engineering and operations teams? What are the performance metrics for a shared services organization? What defines success or failure? This is a topic near and dear to my heart.

IMO it’s the job of MIS to deliver value to the business, not to create mandates. Too often MIS develops things like an acceptable use policy (AUP) which actually isn’t acceptable at all. John Kehoe the CIO of Valmont Industries does a nice job of explaining the value of standards, but also the realization that standardization doesn’t always work. (Heller, 2017) I think today with the massive focus on machine learning, deep learning, and artificial intelligence departments are investing in data scientists and developers that will transform the business, and while these resources need access to shared services they need flexibility and velocity that many MIS departments struggle to deliver. This gave way to “Shadow IT” then shared services groups accepted Shadow IT and called is DevOps (Everitt, 2018), but no matter how you look at it the developers want control of the pipeline and they want to move at a pace that traditional MIS departments are struggling with, see cloud adoption. 🙂


Everitt, G. (2018, May 29). Reducing the Danger of Shadow IT With DevOps – DZone DevOps. Retrieved December 16, 2018, from

Heller, M. (2017, April 05). The path to IT shared services and standardization. Retrieved December 16, 2018, from

Lyndon, I think you make a good point about organization structure and the link between MIS and finance. Many legacy enterprises still have CIOs (Chief Information Officers) reporting to CFOs (Chief Financial Officers) which I find astonishing, but in recent years there has been a shift. Information Technology (IT) in these legacy enterprises is thought of as cost centers, and it’s the job of the CFO to manage cost so this makes sense, what is different is the fact that the CIO needs to be driving innovation that delivers efficiency, velocity, quality, and differentiation, so we now see more CIOs now reporting to CEOs (Kark, Shaikh & Brown, 2018) as organizational leaders and profit centers rather than cost centers. Let’s face it, if you are a manufacturing company that has been around manufacturing widget X since 1945 it may be hard for executive management (manufacturing C-Suite types) to quantify the value of technology, executives might say we have been manufacturing widget X like this for 70+ years and they may be reluctant to invest in innovation if it’s not mandated (e.g. – compliance). In many of these organizations, we are seeing the CMO (Chief Marketing Officer) drive more innovation than the CIO because the CMO is responsible for driving customer acquisition (Pemberton, 2017), and we all know in this market if you’re not growing, you’re dying.


Kark, K., Shaikh, A., & Brown, C. (2018, May 3). Who’s the boss? Trends in CIO reporting structure. Retrieved December 16, 2018, from

Pemberton, C. (2017, January 10). 2016-2017 Gartner CMO Spend Survey Reveals the CMO’s Growing Mandate. Retrieved December 16, 2018, from

Denise, it’s hard for me to relate to the Jackson Industries case study because I feel like any company in today’s market who is developing software (for internal or external use), with even the smallest amount of competition couldn’t possibly survive without a CI/CD pipeline. (Sacolick, 2018) So while Jackson Industries made sense to me, because I am old enough to remember when it was possible to survive in this operating model, I don’t think it possible any longer. What development organization today isn’t using a CI/CD pipeline? (Tuli, 2018) I am sure there are some people still writing monolithic apps and FTPing code, but let’s hope they are in a segment of the market with no competition.

Pay-for-performance (PFP) is a tricky thing, for sure. It is absolutely a good thing to incentivize organizational goals, but these should be macro-level and long-term incentives. There is a reason we have seen FAANG companies trade compensation for equity and perks, compensation may drive behavior, but equity and perks drive a culture. I think performance incentives are good, but IMO individual performance often does not translate to organizational performance and this is the challenge. I believe if the organization culture is healthy, meaning team members have a purpose, they understand the organization’s mission and vision then providing transparency to how the organization is doing against its objectives and visibility into the results of success or failure is critical. There should be an objective and a subjective view, where the subjective view delivers a significant upside for the people who over-deliver when the organization meets its objectives while holding back on employees who under-deliver. (Miller, 2018) Did the organization meet its objectives, this is a binary objective measure. Did an individual make an above average contribution, average or below average contribution to organizational success, this is a subjective measure. IMO management requires both objective and subjective measures to properly manage the business.


Miller, S. (2018, April 11). Employers Seek Better Approaches to Pay for Performance. Retrieved December 16, 2018, from

Sacolick, I. (2018, May 10). What is CI/CD? Continuous integration and continuous delivery explained. Retrieved December 16, 2018, from

Tuli, S. (2018, August 10). Learn How to Set Up a CI/CD Pipeline From Scratch – DZone DevOps. Retrieved December 16, 2018, from



[google-drive-embed url=”” title=”Bocchinfuso_FIT-MGT5154-Week8_Assignment_20181215″ icon=”” width=”100%” height=”400″ style=”embed”]


8.5 Final Exam Results

Score for this quiz: 116 out of 120

FIT – MGT5154 – Week 7

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Perform an analysis for strengths, weaknesses, opportunities, and threats (SWOT) on the decision to build DIA

Internal Factors


  • The new DIA would satisfy the needs of the Denver area for the next 50 to 60 years. (Kerzner, 2017, p. 467)
  • DIA would be a model airport and the benchmark for other airports to follow. (Kerzner, 2017, p. 467)
    Ability to operate as a hub with 50 percent of passengers changing planes at DIA. (Kerzner, 2017, p. 469)
  • Reduction in traffic bottlenecks and fewer delays. (Kerzner, 2017, p. 469)
  • Solve the lack of runway increasing the airports capacity. (Kerzner, 2017, p. 469)
  • Improved air traffic and ground traffic control; greatly improving flight operations efficiency. (Kerzner, 2017, p. 469 – 470)
    • E.g. – Flight operations would be able to shift takeoff and landing direction base on wind patterns in 4 mins vs. the current 45 mins.
  • Ability to handle more large aircraft at concourse gates. (Kerzner, 2017, p. 470)
  • Increased opportunity to handle international traffic. (Kerzner, 2017, p. 470)
  • The new DIA could be a potential hub for Northwest and USAir creating a significant opportunity to increase revenue. (Kerzner, 2017, p. 473)
  • The land site would be larger than the Chicago O’Hare and Dallas–Ft. Worth airports combined providing room for expansion and the required noise buffer zone. (Kerzner, 2017, p. 474)


  • United and Continental who comprised 80% of the flights in and out of Denver object to the idea of building a new airport, fearing the added cost burden. (Kerzner, 2017, p. 467 – 469)
  • The land agreement limited DIA to such businesses as airline maintenance, cargo, small-package delivery, and other such airport-related activities. The land agreement places restrictions on air cargo and air freight revenue streams. (Kerzner, 2017, p. 475)
  • Zoning regulations, calling for no residential development with an LDN noise level of 60 and land use could limit expansion abilities. (Kerzner, 2017, p. 474)
  • Competition from Front Range Airport, potential expansion of the airport and/or lost revenue through for air cargo and freight. (Kerzner, 2017, p. 474)
    • E.g. – Cargo and freight carrier continue to use Front Range Airport because of the restrictions imposed by DIA.
  • Cost, economic pressure and design decisions.
    • E.g. – The terminal roof design would increase the cost of the project by $48 million and increase the duration of the project. (Kerzner, 2017, p. 477)
  • Availability of qualified contractors and suppliers. (Kerzner, 2017, p. 479)

External Factors


  • Expansion and increased revenue opportunities.
  • Operational efficiency could lower operating costs over time.
  • Region, city, state economic prosperity.
    • E.g. – Jobs, tourism, corporate operating taxes, etc…


  • Build plans scaled back due to the recession. (Kerzner, 2017, p. 475)
  • Funding volatility. Dependence on municipal bonds to fund the construction of DIA. Rating agencies and like S&P and Moody’s can impact the value of these bonds. (Kerzner, 2017, p. 479)
  • Airport operational timeline.
    • E.g. – Can BEA deliver eight years of work in two years, so the baggage handling system is operational? (Kerzner, 2017, p. 482)
  • Slow or no economic recovery.
  • Increases costs and fees at DIA impact threatens fight volume for the major (Continental) and low-cost carriers (Southwest). (Kerzner, 2017, p. 485)
  • Cost overruns and poor operational planning. (Kerzner, 2017, p. 486)
  • Staffing and personnel logistics. (Kerzner, 2017, p. 485)
  • Results of SEC investigation. (Kerzner, 2017, p. 488)
  • Faulty workmanship, failing construction and falsified records. (Kerzner, 2017, p. 492)
  • Ability to offset the increased cost per enplaned passenger. (Kerzner, 2017, p. 496)
  • Distance from downtown Denver. (Kerzner, 2017, p. 497)
  • Runway high wind shears. (Kerzner, 2017, p. 477)
  • Bad weather. (Kerzner, 2017, p. 479)
  • Mayoral race and political climate. (Kerzner, 2017, p. 479)
  • Denver lacked an agreement with Continental and United Airline securing the use of DIA. (Kerzner, 2017, p. 479)
  • Continental filed for Chapter 11 bankruptcy protection in December 1990 (Kerzner, 2017, p. 479)


Who are the stakeholders and what are their interests or objectives?

City of Denver: The city of Denver financed DIA with bonds. The city of Denver does not want to run out of cash as a result of DIA failing and default. If the city of Dever were to default it would be unable to pay its bondholders. Defaulting on these bonds significantly impacts the city’s ability to operate DIA and also impacts creditworthiness and future financing opportunities could impact the entire community.

Adams County and the residents of Adams County: Adams County is where the airport would be built. Ordinances were put in place to protect the residents of Adams County, but the reality is that there is now a massive airport in your backyard.

Federico Pena, Secretary of Transportation (previously Denver’s Mayor): While now the Secretary of Transportation I would imagine the legacy of being the Mayor who kicked off a major transportation project, and now the transportation secretary he would still have a stake in the success of the project. In politics every decision follows you, meaning that Pena is invested in the success of DIA or some way to disassociate himself from the failure. (Kerzner, 2017, p. 465)

Denver Mayor, Wellington Webb: The politician on the hook when DIA is opened. Probably not fun when he found out DIA may be built over an old Native American burial ground. (Kerzner, 2017, p. 465)

Greiner and Morrison-Knudsen the engineering firms hired to design and build DIA. (Kerzner, 2017, p. 476 – 477)

Union Pacific who was planning to put the rail lines in place which would connect downtown Denver to DIA. (Kerzner, 2017, p. 485)

Cargo carriers (UPS, FedEx, Airborne Express and others)impacted by delays associated with DIA and had committed to conduct operations from DIA. (Kerzner, 2017, p. 484)

United Airlines who was concerned that low operating costs at Front Range airport could see low-cost operators like Southwest Airlines move in and increase competition. (Kerzner, 2017, p. 484)

Other commercial airlines impacted by the success or failure of DIA. The Ability to survive in the market, market expansion and routes could/would all be impacted.

Financial markets and bondholders. Because bonds are similar to other financial instruments, they are held by individuals and also held in ETF, mutual funds and other financial instruments. Someone was betting on the success of DIA otherwise there would be no funding. (Kerzner, 2017, p. 501)

Airport and airline employees. Longer commutes, a significantly larger airport with underprovisioned equipment (Kerzner, 2017, p. 487) and wind shear (Kerzner, 2017, p. 487).

BAE who was responsible for a baggage management system that normally takes six years to install and two years to debug needed to execute in two years successfully. (Kerzner, 2017, p. 487)

U.S. West Communication Services: Awarded a $24.4 million dollar contract for DIA’s telephone system. (Kerzner, 2017, p. 483)


What appears to be the single greatest risk in the decision to build DIA?

Sure commitment from the airlines were critical, without airlines DIA cannot be a thriving airport, but I believe that the greatest risk to the sustainability of DIA was the ability for DIA to managed income to debt ratios and control bond ratings. Could DIA do what was required to generate enough income to outrun their debt given outside influences like higher enplanement costs, carrier volume reductions, an economic recession, the reliance on bond ratings to continue finance day-to-day operations, the political climate and a pending SEC investigation? DIA needed to understand their runway (how much time they had, not the tarmac), how the financial markets would react to decisions so they could establish DIA.

Bond rating agencies like Moody’s, S&P and Fitch Ratings will rate bonds based on the ability of the issuer to repay. A bond rating merely represents the issuer’s creditworthiness. Metrics like income to debt ratio indicate if a bond issuer can repay the principal and interest owed to bondholders. While DIA has many significant risks the biggest risks, I believe that access to the capital (potentially more capital) required to run day-to-day operations, market DIA, solicit carriers and remedy issues presents the most significant risk. Cash can help overcome issues because cash provides both the means and the time to remedy the situation.


What is the function of the project management team (PMT) and why were two companies involved?

The project management team (PMT) is a group who works together to achieve a task or goal. Bringing the right people together is extremely important, the skills required to accomplish the objective should govern team selection. These skills include technical subject matter expertise in a specific discipline, problem-solving skills, communication skills, and organizational skills.

The city of Denver engaged Greiner Engineering an engineering, and airport planning firm and Morrison-Knudsen Engineering a design-construct firm.
I believe the reason that both Grainer Engineering and Morrison-Knudsen Engineering were both engaged was to provide oversight and attempt to balance the city’s goal of creating a “thing of beauty” and airport personnel desire for the airport to be easy-to-clean. I think the goal was to provide focus while separating standards creation and conflict resolution from execution. (Kerzner, 2017, p. 476 – 477)

IMO the challenge here was not so much that there were two firms involved but more so that there was a lack of alignment on the design and construction objectives. Balancing the design aesthetic and operational efficiency requirements were extremely challenging.

When did the effectiveness of the project management team begin to be questioned?

The PMT effectiveness was questioned because it could not effectively manage the conflict between an aesthetic and operation efficiency. The PMT had the task of architecting a “thing of beauty” (Kerzner, 2017, p. 477), that was highly efficient, and it seems there was little it the way of compromise between the city and airport personnel. There were also numerous outside influences such as the recession and an uncertain economic climate, the carriers refusal to participate in design efforts, etc.

The PMT did not do a good job identifying project risks and contingencies. As a result, there were many unknown unknowns, rather than known unknows. (Projecttimes, n.d.)


14 Free SWOT Analysis Templates. (2018, November 07). Retrieved December 5, 2018, from

Harvard Business Review Staff. (2016, November 03). Five Critical Roles in Project Management. Retrieved December 5, 2018, from

How do Cities Default and Recover, and What Does It Mean for Bonds? (n.d.). Retrieved December 5, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Kim, S. D. (2012). Characterizing unknown unknowns. Paper presented at PMI® Global Congress 2012—North America, Vancouver, British Columbia, Canada. Newtown Square, PA: Project Management Institute.

Projecttimes. (n.d.). Things Known and Unknown. Retrieved December 5, 2018, from

Andrew, nicely done, as always.

The case study states that “The final part of the agreement limited DIA to such businesses as airline maintenance, cargo, small-package delivery, and other such airport-related activities.” (Kerzner, 2017, p. 474)
In reading this I felt that DIA might not be as attractive as Front Range for the cargo carriers. I realized after reading your post, and going back and looking at the text, that I probably misinterpreted the division on cargo and small-package delivery, thinking that DIA was restricting cargo to just small-package delivery, no I realize that was probably the wrong interpretation.

Do you not think the politicians were stakeholders? Would be hard to believe that any politician associated with a project of this magnitude would not have a stake in either taking credit for its success or distancing themselves from failure.

Border control was an interesting one that I didn’t think about but definitely could see that they would have a stake given that Denver would become a key entry point into the U.S.


Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Scott, yep, this was a long read and a pretty nuanced analysis.

How much open land is there for expansion? It seems like there is lot’s of land but it also seems that there are ordinances that could potentially be impactful. If a jet fires up its engines in the center of the 53-square mile radius, and the noise level is LDN is 30 what happens to the LDN if the jet moves ten miles to the north, south, east or west? My question is while there are 53-square miles, what is the usability of the land. (Kerzner, 2017, p. 474)

Is DIA in a prime location? 26 miles from downtown Denver vs. Stapleton which is 8 miles from downtown Denver. (Kerzner, 2017, p. 474)
“Prime location” as a strength and “far from city” as a weakness seems to be at odds. Is the prime location a prime location for carriers from a route perspective? Took me a minute to realize this was where you were going, but I get it.

Interesting that no one seemed to call out the politicians as stakeholders. What do you think? Are Federico Pena and Wellington Webb stakeholders?


Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Lyndon, nicely done, I like the use of HTML tables. 🙂

Do you think that bond ratings are a weakness or a threat? Given DIA’s reliance on bonds and bond ratings which impacted their ability to issue more bonds, interest rates, etc. I thought this was more of a threat than a weakness.

Does it seem reasonable that the city chose to engage Greiner Engineering and Morrison-Knudsen Engineers to try to balance the competing agendas and conflict between the city and airport personnel? Was there an issue with two companies being involved or was it more about a general lack of alignment on project objectives. Do you think the two engineering firms were engaged as an approach to try to attack what you mention in your response to “When did the effectiveness of the project management team begin to be questioned?”, focusing on standards and execution and thinking they could get this done without compromise?


Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.


Greggory, while the runways at DIA were 6x the length of the runways at Stapleton I wouldn’t want to be there when it snowed and they only had 25% more equipment than Stapleton. (Kerzner, 2017, p. 474) I would have rather had taken a connection through Stapleton. This a case of what could be a strength becoming a weakness. There is no way they are clearing those runways and getting flights out during a Colorado winter storm. Looks great on paper, but the operational execution would be poor because of bad operation decisions.

Should the underprovisioning of equipment relative to the size of the airport be listed as a potential threat?


Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Denise, thanks for sharing the link to the “Denver Airport Gets Another Ratings Boost” article. Good read, highlights the complexity of these deals, the massive financial market influence, and the involved power players, including Goldman, Sachs & Co., Leahman Brothers (well they used to be a power player), Moody’s and Fitch.


Preston, D. (2000, May 8). Denver Airport Gets Another Ratings Boost. The Bond Buyer, 332(30886), 4. Retrieved from

FIT – MGT5154 – Week 6

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Sorry for the late post this week. I am attending AWS re:Invent (Links to an external site.)Links to an external site. (if you are interested, follow me on twitter @rbocchinfuso (Links to an external site.)Links to an external site., if you are here DM me). Yesterday afternoon and last night I was a bit distracted by my first touch of an Amazon DeepRacer. (Links to an external site.)Links to an external site. (Links to an external site.)Links to an external site.

I’ve had a love affair with the Donkey Car (Links to an external site.)Links to an external site. for a few years, but Amazon’s DeepRacer is the Tesla of 1/18th scale autonomous vehicles. Very cool stuff for geeks like myself.

On Monday and Tuesday I couldn’t stop playing with connecting chatbots I had already developed with Amazon Sumerian hosts (Links to an external site.)Links to an external site.. The ability to take bot, have it leverage Amazon Poly (Links to an external site.)Links to an external site. and Sumerian (Links to an external site.)Links to an external site. to echo a response via a 3D avatar is just pretty damn cool.

Anyway, today is day four of AWS re:Invent and I’ll be sad when it’s over, but back next year for more fun, more learning, more game-changing announcements and another round of where’s Larry, this is where Andy Jassy makes fun of Larry Ellison. ( (Links to an external site.)Links to an external site.

Now for my responses to this weeks discussion questions.

When a crisis project occurs, who should be the leader of the crisis team?

The obvious solicited answer here is the “Project Manager” and while I agree that the “Project Manager” may sometimes be the appropriate person to lead the crisis team, but this is not a default standard. Much like a crisis management plan is a tool, not a blueprint, there is no blueprint for who should lead a crisis team. (Coombs, 2007, p. 4) The person who should lead the crisis team should possess a deep understanding of the project, the business, the crisis and should possess credibility with both the project team and key stakeholders, depending on the project this could be an engineer, it could be a senior manager, it could be a key stakeholder, it could be the CEO. Leadership in a crisis requires fortitude, accountability, professionalism and a positive mental attitude. (Newlands, 2014) James Burke, the CEO of Johnson & Johnson managed J&J through the Tylenol poisoning crisis. Burke was the person most equipped to manage this crisis, having to manage communication with a list of stakeholders which included stockholders, lending institutions, employees, managers, suppliers, government agencies, and consumers. (Kerzner, 2017, p. 447)

Will there be a crisis committee or a crisis project sponsor?

Coombs (2007) states that a crisis management team might be comprised of representatives from public relations, legal, security, operations, finance, and human resources. While I agree that input and engagement from each of these respective areas are important, my personal opinion is don’t believe a crisis can be effectively managed via committee, the crisis manager has to be careful here. While just about everything you read will say to create, identify or engage a crisis committee or crisis team I find this to be something that sounds good but practically crises are managed by individuals and risk is shared via committee. Should the crisis leader build support among stakeholders? Absolutely. Should the crisis leader solicit the opinions and engagement from department heads, management staff and other key stakeholders? Absolutely. Does support and engagement from team members make the crisis leader any less accountable? Absolutely NOT. All too often committees are used as an excuse for failure, the person leading the crisis team should be capable of soliciting and evaluating feedback, making decisions and owning the outcome. The wrong choice for a crisis leader is the individual who responds to failure with “I asked everyone’s opinion and we all agreed.” (Kerzner, 2017, p. 447)

How important is effective communication during a crisis?

Communication is one of the most important aspects of crisis management. (Maurer, 2014) Communication during the turmoil that accompanies a crisis is not easy, this is where a well-crafted crisis management plan which had pre-drafted communications, a communications timeline and communications mediums which may include web-based communications and mass communication systems which deliver concise crisis communication via phone, text messaging, voice messages, and e-mail. Media relations and the use of new outlets can also be an effective method of crisis communication. (Coombs, 2007, p. 7) For obvious reasons the individual dealing with the media needs to be skilled at doing so, “It is advised to designate a spokesperson, training them in dealing with the media, making sure all employees know who they are and how to direct the media to them.” (Bararia, 2018)

How important is stakeholder relations management during a crisis?

Communication and stakeholder relations management go hand and hand. It’s not likely that the individual designated to be the leader of the crisis team is not a good communicator. The crisis leader is going to be someone who has the credibility and likely established relationships to effectively managed stakeholder relations. A good crisis leader is typically going to be an excellent orator, able to communicate skillfully with stakeholders. While much of the communication during a crisis is directed by leadership, because crisis situations are stressful it is advisable to have a communication management plan that outlines how communications will occur, this includes but is not limited to internal communications, client communications, vendor communications, and media communications. (Maurer, 2014) We can see the clear value of how Johnson & Johnson, and CEO, James Burke managed stakeholder relations during the Tylenol poisoning crisis vs. how Vladamir Putin handled the Russian Submarine Kursk crisis. (Kerzner, 2017, p. 445 – 453)

Should a company immediately assume responsibility for a crisis?

YES! All you need to do is look at the Public Opinion View of Crisis Managment table in this in this weeks case study to know that not immediately assuming responsibility is a bad idea. (Kerzner, 2017, p. 454) We can see clear differences in how Johnson & Johnson and James Burke, CEO reacted to responsibility for the Tylenol poisonings vs all others. Burkes swift action, ownership and accountability, communication (internal and external) made J&J a victim in the court of public opinion. Personally, I think the CEO’s involvement and accountability in the Tylenol crisis made a huge difference. We see differences in how the companies who were viewed as villains communicated, the level of accountability and how swift their reaction was. It’s clear that the assumption of responsibility by an organization is critical, The Volkswagen clean diesel scandal is a great example of what happens when the crisis manager, the CEO, Matthias Müller in the case of Volkswagen attempts every trick in the book to avoid taking responsibility, to be fair he would have been admitting he was a criminal. (Atiyeh, 2018)

How important is response time when a crisis occurs?

Very important, with response time and accountability being linked to perception and reality. When a crisis occurs engagement has to be swift, well orchestrated but swift. The longer the crisis marinates without clear and transparent communication the more likely opinions will form. “It takes years to build a solid corporate reputation, but only hours to dismantle it.” (Holsberg, 2013) The faster the response to a crisis the more likely it is that the escalation can be controlled. “A well thought-out plan can help hotel management respond and control damage to the organization’s reputation, financial condition, market share, and brand value.” (Barton, 1994) To facilitate an expeditious crisis response an organization should have a crisis management plan, during a crisis a quick response can be difficult for obvious reasons, but a crisis management plan which clearly outlines a response and the necessary actions can help maintain control during a time of turmoil.


Aramyan, P. (2016, August 12). 5 Crisis Management steps for PMs to take during hardships. Retrieved November 28, 2018, from

Atiyeh, C. (2018, October 9). Everything You Need to Know about the VW Diesel-Emissions Scandal. Retrieved November 28, 2018, from

Bararia, R. (2018, March 19). Significance of Crisis Communications – Internal and External. Retrieved November 28, 2018, from

Barton, L. (1994). Crisis management: Preparing for and managing disasters. Cornell Hotel and Restaurant Administration Quarterly, 35(2), 59-65. doi:10.1016/0010-8804(94)90020-5

Coombs, T. W. (2007). Crisis management and communications. Retrieved November 28, 2018, from

Holsberg, M. (2013, July 1). Your Solution for SMART Response Plans. Retrieved November 28, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Mallak, L. A., Kurstedt, H. A., & Patzak, G. A. (1997). Planning for crises in project management. Project Management Journal, 28(2), 14–20.

Maurer, R. (2014, October 7). Communicate Effectively in a Crisis. Retrieved November 28, 2018, from

Newlands, M. (2014, August 23). 5 Things Successful Leaders Do in a Crisis. Retrieved November 28, 2018, from


Andrew, always enjoy reading your perspective. You discuss the value of intuition in the decision making process and mention that research by Shen & Wang (2018, p.15) that shows that engagement of a crisis management team can improve decision making. Shen & Wang (2018, p.15) state that this improves the scientific decision-making process. I agree that in order to make good decisions a leader needs to make informed decisions, at the same time, IMO I think we need to be careful to not manage via committee. Scientific decision making is a systematic approach to collecting facts, aggregating the facts, and using the information to make a logical decision, these decisions may be based on empirical data and information provided by the committee, but IMO the leader is responsible for a decision. What are your thoughts on the decision-making process during a crisis and accountability for decisions?


Shen, K., & Wang, S. (2018). Research on strategic pre-plan of enterprise crisis management in dynamic environment. Management & Engineering, (31), 11-17. doi:


Gregory, I enjoyed reading your thoughts. I am curious why “the project manager needs to be the leader of the crisis team”? If we assume that the project team is comprised of more than just a project manager (e.g. – product managers, engineers, executive sponsors, etc…) isn’t is conceivable that there is someone on the project team who may be better suited to address the crisis? Because we do not know what the “crisis project” is, can we say with any certainty who should be the leader of the crisis team? You mention that Jame Burke the CEO of J&J was designated as the crisis leader for the Tylenol crisis, and this was the right choice given the impact of the crisis. If a software development project or a drug discovery project is in crisis and the company has bet the future of the organization on these R&D projects should the PM be the crisis leader or is it time to escalate and appoint a crisis leader who can recalibrate the project. Is it fair to say that the project manager was the project leader as the project entered the crisis state? Should this same person be the crisis leader?

So many places to go with the PM comment, many of which would not be appropriate in a public forum. 😁

I feel like this could easily get political if we’re not careful. 🙂


Dana, do you think in a crisis situation a statement that the situation is being investigated to determine a cause is enough? Is it possible that a statement such as this could be perceived as the organization not wanting to take responsibility? I am sure there is a considerable aspect of this thas has to do with EI, how the message is communicated, how clear the “truth” is, etc… but just throwing it out that in a time of crisis not taking clear and full responsibility often can lead to a public opinion crucifixion. Thoughts?

Dr. Knight, I completely agree that leaders who emerge rather than those ascribed power are typically loudest or the strongest. Leadership is not about ascribed power, but rather like Simon Sinek says leadership is a choice, the choice to look after the person to your left and the person to your right. (Sinek, 2014) “When we feel safe inside the organization, we will naturally combine our talents and our strengths and work tirelessly to face the dangers outside and seize the opportunities.” (Sinek, 2014)

Interestingly I also took leadership training course a few years ago at CCL (Center for Creative Leadership) and they had us do a similar exercise where 20 people had to take an ~ 40-foot piece of thin PVC tubing and lower it to the ground from shoulder height, all fingers had to remain on the tube and the tube had to remain level, this is known as the “Helium Stick Test”. (Pietropoli, 2009) It was an interesting exercise to see people try to assert their leadership style, to see a leader get frustrated, someone else step into the leadership role and the cycle continue until it finally clicked and we accomplished the objective, which took a while.


Leadership Development Results That Matter | CCL. (n.d.). Retrieved December 2, 2018, from

Pietropoli, M. (2009, September 21). Helium Stick Test. Retrieved December 2, 2018, from

Sinek, S. (2014). Transcript of “Why good leaders make you feel safe”. Retrieved December 2, 2018, from – Nieuwsbrief&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-88Cxcw0ZCIQDB3SakdzomwQleXThXKLyUkUi1sYG17QdUU-yKIT38ePPZZaQzm-MuxlW53E6xQlKIrTYccYEg_H8-KnA

Andrew, interesting comments about Zappos. I think we live in a time where we like ideas like “we have no managers, just leaders”, we like having Googlers (Xooglers, Nooglers, etc…) (Karch, 2018) or Rioters (Riot Games, n.d.) instead of employees articulates about our organization. The search for talent is tough, in a world where everyone wants to be special as individuals and as an organization requires designations that transcend mere employee. Read through the description of these roles and you feel special. You are special, not a mere employee, you are a blah, blah, blah, part of something bigger, changing the world, a purpose you can only accomplish as part of blah. Large organizations like Amazon and Netflix create cultures which drive everything about the business including the individual, from tenets like customer obsession to frugality to radical transparency. I find it interesting that a few years ago all anyone could talk about was how great the Netflix freedom and responsibility culture was and today there are more and more people talking about is how toxic the culture is. (Spangler, 2018)

I like the idea that “to be a good leader you first have to be a good follower.” (Vetter, 2018) Today we are developing so many leaders, emphasizing individuality, all great traits but we also need to cultivate the ability to follow because to truly be a great leader we have to learn to follow.


Kantor, J., & Streitfeld, D. (2015, August 15). Inside Amazon: Wrestling Big Ideas in a Bruising Workplace. Retrieved December 2, 2018, from

Karch, M. (2018, October 31). What Do Xooglers and Nooglers Have to Do With Google? Retrieved December 2, 2018, from

Riot Games. (n.d.). Welcome. Retrieved December 2, 2018, from

Spangler, T. (2018, October 29). How Big a Problem Is Netflix’s ‘Culture of Fear’? Retrieved December 2, 2018, from

Vetter, A. (2018, March 08). Want to Be a Great Leader? You Need to Learn How to Follow First. Retrieved December 2, 2018, from

FIT – MGT5154 – Week 5

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Can the impact of one specific risk event, such as a technical risk event, create additional risks (which may or may not be technical risks)? Can risk events be interrelated?

Absolutely. A vision and mission are critical to the success of any organization an arguably even more critical when the organization is experiencing increased pressure from market competition and/or new market entrants. Luxor had been a market leader and now is threatened with becoming a follower amidst increased competition and lagging innovation. IMO a clear vision and mission with alignment from all department will be critical to Luxors survival. Looking at the marketing and engineering lists it seems clear that marketing is outlining potential impacts and engineering is outlining possible ways to retain technical market leadership, but there is no correlation between engineerings actions and marketings predictions.

It is clear that technical risk leads to market, sales, revenue and reputation risk. All of these are interrelated, poor reputation and you can’t attract the best engineering talent, without the best engineering talent you can’t recapture the technical leadership position.

Does the list provided by marketing demonstrate the likelihood of a risk event or the impact of a risk event?

No, the list provided by marketing provides potential outcomes or consequences resulting from a risk event. The risk IMO is “Luxor loses its position as a technical leader in wireless communication”, the list marketing provided is the outcomes resulting from this known risk. The risk management expert had identified that the competition has caught up to Luxor’s application engineering and was surpassing the Luxor in terms of innovation and patents. The risk expert identifies the likelihood that Luxor will need to make specific R&D investments, but marketing makes no assessment on the probability of risk.

How does one assign probabilities to the marketing list?

First, marketing needs to tie their potential outcomes to a risk. (e.g. – “Luxor loses its position as a technical leader in wireless communication”). Marketing should then develop a risk mitigation plan. ranking the risks in order or priority. Once the risk is ranked each risk would color coded as either red (risk currently occurring risk), yellow (the risk might occur), or green (the risk not a problem at the moment). Once the risks are identified they should be assigned a probability as either 1% (very low, unlikely) or 99% (very likely), also identify risk impact on a scale of 1 – 5 (very low – very high).

The seven items in the list provided by engineering are all ways of mitigating certain risk events. If the company follows these suggestions, is it adopting a risk response mode of avoidance, assumption, reduction, or deflection?

Based on the risk experts assessment it was clear that the technical risks identified could not be avoided or deflected. Engineering listed seven items that I would classify as risk response mode of reduction. Engineering makes suggestions that would help Luxor maintain it’s technical leadership position thus reducing or mitigating the risk of Luxor losing its technical leadership position.

Would you side with marketing or engineering? What should Luxor do at this point?

Tough question. My view is marketing’s list is a list of poor outcomes, not solutions, just possible outcomes. Not sure what I would be siding with is I sided with marketing, the end is near? I tend to really dislike lists that have the doomsday scenarios outlined without potential solutions. I would side with Engineering because based on the case study, IMO it’s the only option.  Then again I don’t play the Don’t Come line at the craps table either.

I think a world of first movers and fast followers (Links to an external site.)Links to an external site. Luxor needs to realize that there is a patent cliff (Links to an external site.)Links to an external site., and the strategy of maintaining a technical market leadership position through patent protection is a poor one. Luxor needs R&D, they need to innovate to retain a market leading position and if they can license their technology or patent portfolio to fuel innovation they should. Luxor needs talent, they need it fast IMO and in this market, the ability to capture talent is highly dependent on the purpose of the company, the culture, and its market reputation. From the case study, we know the situation is urgent, but there are many variables unaccounted for. Could Luxor acquire a smaller innovator, is a merger or sell-off the right options, how much time does Luxor have (i.e, what is Luxor cash position and burn rate), etc.

I am a huge Simon Wardley fan, I think that Luxor needs Wardley (Value Chain) Map (Links to an external site.)Links to an external site.. A few years ago at oscon (Links to an external site.)Links to an external site. I took a Wardley Map seminar and the purpose of the seminary was very similar to Luxor’s situation, it had to do with software where legacy a software platform was being threatened by new innovations.  The software company had various options ranging from patching the software to add new features, acquisition of a new innovator and sunsetting, sustaining and funding a parallel project to marketing the install base and selling the company. In the end, selling the company was the right decision.

I think Jeff Bezos comments last week regarding Amazon are apropos “One day, Amazon will fail, but our job is to delay it as long as possible.” (Kim, 2018) Fifty years ago who would have thought Sears would be gone, that in bankruptcy the most valuable asset would be Kenmore valued an a mere 400 million dollars. (Maynard, 2018) Worse yet, who would have thought GE would have a stock price of < $8 a share and market value which has dropped 500 billion dollars in the last eighteen years? (Wang, 2018)

Remember the Owen commercials? Luxor could go down this path, but it didn’t help GE. So while I would back the engineering plan in the context of the case study. I would dress up the company and sell it, now!



Carstens, D. S., PhD, PMP. (n.d.). Project Risks. Retrieved November 21, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Kim, E. (2018, November 15). Jeff Bezos to employees: ‘One day, Amazon will fail’ but our job is to delay it as long as possible. Retrieved November 21, 2018, from

Maynard, M. (2018, October 22). Sears’ Bankruptcy Highlights The Big Role It Has Played In America’s Kitchens. Retrieved November 21, 2018, from

Morphy. (n.d.). Risk Responses – options for managing risk. Retrieved November 21, 2018, from

O’Reilly Open Source Convention in Portland 2019. (n.d.). Retrieved November 21, 2018, from

Seave, A. (2014, October 14). Fast Followers Not First Movers Are The Real Winners. Retrieved November 21, 2018, from

Staff, I. (2018, April 25). Patent Cliff. Retrieved November 21, 2018, from

Wang, B. (2018, November 21). The Fall of GE – The Fall of GE. Retrieved November 21, 2018, from

Wardley, S. (2015, February 2). An introduction to Wardley (Value Chain) Mapping. Retrieved November 21, 2018, from


Denise, thanks for the reply and the kind words.  Nothing worse than moving the deck chairs on the Titanic.  🙂  It’s interesting, everyone asked the same question so I am going to reply to you and then to Chris and Scott.  My comment that “I would dress up the company and sell it, now!” makes the assumption that this is even possible, which it may not be.  My subjective opinion based on what I felt after reading the case study was: If Luxor has customers, if these customers have value now is the time to leverage the install base and the value it provides and sell the company.  The reality is that there are far too many unknowns to say what they would need to do to ready the company for a sale, if a sale is possible and if it is the right decision.

Step 1:  Develop a strategy (Links to an external site.)Links to an external site.

I am kidding, but I do love the Madlib strategy generator. 🙂

I mention Simon Wardley in my post so I thought I would share a few links, Wardley is the master.

A great @swardley Twitter thread from yesterday on value chain mapping.

Simon Wardley OSCON Keynote:  Playing Chess with Companies

Chris, thanks for the feedback.  Really tough question, as I explained to Denise there are just too many missing variables to build a strategy on the best way to approach selling Luxor.  What we do know or at least can infer from the case study is that they have customers, they were once in a market leading position and it’s likely that the most valuable aspect of their business is their customers.  They also have patents and a patent portfolio will have value, the more patents you have the easier it is to protect intellectual property.  So I don’t give the exact same response I gave to Denise, I would probably focus on the customer (user/install) base and the patent portfolio, we know they are losing ground from an innovation perspective so these seem like the right value propositions to market.  I would also engage a banker to begin quietly shopping the company.

I would suggest taking a look at some of the links I posted in my response to Denise.  You might enjoy them.

Scott, always a pleasure.  Responding from 35K feet on my way to Las Vegas for AWS re:Invent.  > 40K geeks hitting Starbucks at 7 AM, always a joy.

I read Greg’s response.  My investments would be in marketing the company, the customer base, the patent portfolio, etc… Some conjecture to think about:

  • Luxor was once the innovator and market leader.  They no longer are.
  • The implication here is that their tech is lagging.
  • Will the creation of an NPD with people who already work at Luxor really make a difference?
  • Given Luxor’s market position, can they recruit the best and the brightest?
  • Luxor is restrained by legacy.
    • They have customers they need to sustain.  They can’t abandon their install base.
    • New entrants win all the time because they are unencumbered by legacy.  This is the Netflix v. Blockbuster story.
  • Can Luxor innovate fast enough?

If possible, I would package this puppy up while there is still something to package.

I shared a bunch of links in my response to Denise that you might enjoy.

Denise, after reading the thread and the comments regarding engineering’s ability to execute without considering marketings objectives, it got me thinking about something.

I couldn’t remember how much detail the case study provide about marketing, so I opened up the book and sure enough, it just says marketing.  I started doing some research because I assume that the individuals who would be providing product requirements would be product managers, although the case study doesn’t say this.  Personally, the product manager has always been a role that has intrigued me, I have seen product managers report into engineering organizations and I have seen product managers report into marketing organizations.  Personally, I have always had better luck, better alignment and better results when the product manager has reported into the engineering organization.

In my research, I came across an article entitled “Where Does Product Management Belong in the Organization?”, the article states B2C (business-to-consumer) organizations often have product managers reporting into marketing, while technology companies specifically those focused on B2B (business-to-business) or enterprise produce often have product managers reporting into development or engineering.  The article does a good job dissecting the product manager role.  I think that it’s important to differentiation a product manager who is focused on developing and documenting requirements vs. a marcom individual.


Pragmatic Marketing. (n.d.). Where Does Product Management Belong in the Organization? Retrieved November 25, 2018, from



[google-drive-embed url=”” title=”Bocchinfuso_FIT-MGT5154-Week5_Assignment_20181125″ icon=”” width=”100%” height=”400″ style=”embed”]

FIT – MGT5154 – Week 4

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Is it possible for a company to have such a strong technical community that technical integrity is more important than the project itself?

Yes, with greater than 200 of QCI’s 340 employees being engineers, and executive management being comprised of engineers this is likely.
Throughout its 30 year existence, QCI has been an engineering-led organization. The composition of QCI’s executive leadership team indicates that QCI values technical integrity. (Kerzner, 2017, p. 105 – 107)

While doing research, I was interested to find that “in the tech industry, just 8 percent of CEOs at the largest 100 U.S. firms have primary backgrounds in sales, and less than 30 percent have any sales experience at all.” (Hutson, 2018) I feel like in my 25 years in tech I know a lot of CEOs who hail from the sales ranks, I wonder if these statistics have been skewed in recent years as a result of the FAANG (Links to an external site.)Links to an external site. phenomenon. With that said I also agree that many top-performing salespeople want to sell not manage.

QCI made an effort to implement a formal PMO (Project Management Office), but LOB (line-of-business) management reluctance had QCI adopt a fragmented project management structure. The value of a PMO is macro-level visibility across the organization. The fragmented structure that QCI adopted may have created some semblance of structure, but it did not address a macro level approach to project management.

Like most businesses, QCI’s business seems to adhere to the Pareto Principle (Understanding the Pareto Principle (The 80/20 Rule), n.d.), with 12 large customers in an estimated customer base of 52 total customers, ~ 23% of the customer base were large customers with ~ 77% of the customer base being small customers. (Kerzner, 2017, p. 107) While we don’t know the opportunity and revenue breakdown across QCI’s customer base if we apply the Pareto Principle, we can assume that 77% of the revenue and opportunity comes from 23% of the customer base. So many businesses struggle with focusing on the meaningful business.

It seems that the PMO was organized to focus on LOB (line-of-business) with focus on large and likely programmatic accounts, small and likely transactional accounts, internal R&D and capital equipment projects (which I assume are internal projects required to support the business).

What specific problems are present in the management of research and development projects?

Cross-functional project management with different organizational groups such as engineering, marketing product management, manufacturing, QA, finance and accounting all who lack strategic alignment and a vision of the desired outcome. (Kerzner, 2017, p. 108)
The lack of strategic and outcome alignment has caused a lack of organizational vision. The lack of strategy and defined outcomes has created organizational misalignment and opposing objectives, where marketing wants to move faster and push products to market more quickly, manufacturing intends to be more conservative and slow the process to provide proper time for quality assurance, while finance and accounting wish to move faster to accelerate the return on investment. Project management is spending time mediating opposing divisional goals rather than managing the project in alignment with the broader organizational goals. (Kerzner, 2017, p. 108)

Project management feels it does not have control over R&D projects, with marketing canceling project on a whim it makes it difficult for project managers to focus.

While not directly impactful to R&D there is an indirect impact on R&D created by small projects which are extremely difficult to manage, lack of project alignment and economies of scale across transactional opportunities, improperly set expectations, and a constant prioritization of lager customers over smaller customers make creating a positive customer experience very difficult.

I love this line from and a16z podcast entitled “From Research to Startup, There and Back Again”: “The more you charge, the more successful the implementation will be.” –
I suggest listening to the entire podcast, but if you want the most valuable lesson, listen to 11:00 – 13:00.

The same is true of large projects, there is a lack of respect for project management, with marketing and account teams feeling that project management adds no value and underdelivers of commitments. Because of the organizational engineering culture, engineers have a louder voice than project managers. There is a focus on trying to make every project successful which leads to mediocrity across the board rather than jettisoning projects and customers where excellence is unachievable to focus on delivering excellence and phenomenal customer experience. QCI is not making good decisions when managing through the Triple Constraint Model or the Value Triple Constraint Model. (Baratta, 2006)

Even though QCI has segmented, there are finite organizational resources, a lack of focus and clear well aligned corporate objectives results in waste which in this case has an impact on a critical aspect of the business, R&D which represents QCI’s innovation engine.

What recommendations would you make?

Marketing should develop detailed requirements documentation, and there should be a formal process for R&D and market testing. With the proper requirement and specification documentation created and approved, projects can be placed into the R&D pipeline, canceling a project at this point should anomalous. Right not it seems to be a common event which leads me to believe that marketing and the product managers are not following a formal BRD (Business Requirement Document), MRD (Marketing Requirement Document), PRD (Product Requirement Document), FSD (Functional Specification Document) process. (Logtenberg, 2017) QCI needs to add operational rigor to their R&D pipeline; marketing is highly accountable for requirement documentation, marketing does not need to own project management, what they need to do is focus on proper requirements gathering and documentation.

Change the approach to small-customer projects. All program delivery should operate within a program delivery framework. For large customers, this framework should adhere to best practices, but remain adaptable based on customer specific project needs. Large customers can support from a revenue and opportunity perspective a program team that can deliver a nuanced project. Small customers need to be part of a well defined and rigid QCI program, where QCI applies rigor to the project management process, transparency is critical for smaller customers. If the smaller customer follows the QCI process, the quality and customer experience will be better. The Pareto Principle says that QCI is wasting valuable resources and creating risks by engaging in projects with customers that don’t move the needle. Engaging with the wrong customers impacts the macro business while trying to be everything to everyone QCI is executing the vision of mediocrity. If 50% of the smaller customers decide they cannot accept QCI’s new operating model, it’s not impactful, and it frees up resources to begin to delight customers and chase opportunities where QCI can deliver exceptional customer experiences.


Baratta, A. (2006). The triple constraint: a triple illusion. Paper presented at PMI® Global Congress 2006—North America, Seattle, WA. Newtown Square, PA: Project Management Institute.

Hennessy, J., Andreessen, M., Casado, M., Chokshi, S., Clark, S., Spisak, J., . . . Pande, V. (2018, October 12). A16z Podcast: From Research to Startup, There and Back Again. Retrieved November 14, 2018, from

Hutson, D. (2018, April 06). So, You’re in Sales But (Secretly) Yearn to be a CEO. Here’s How to Make That Happen. Retrieved November 14, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Logtenberg, T. (2017, July 16). BRD, PRD, TRD… The case of the confusing requirements. Retrieved November 14, 2018, from

Understanding the Pareto Principle (The 80/20 Rule). (n.d.). Retrieved November 14, 2018, from


Sharing this link because I thought it did a really good job of comparing and contrasting Kanban vs. Scrum. (Links to an external site.)Links to an external site.


Thanks, Scott.  Weeks getting longer and longer, was in London last week, SFO this weel breathing in the campfire smoke and now spending the weekend in a medicine haze trying to recover from whatever bug I picked up.  While these are are the macro-level changes I’d try to influence something tells me there might be a more systemic issue at QCI, as they say, leadership starts at the top.  If we focus the business and start thinking through strategic initiatives and committing, but the outcome is nothing more then the status quo hopefully there is a board of directors who begins to make executive team changes.

I am not a fan of just another meeting, to JAM up my day.

I actually use the Amazonian 6-pager (Links to an external site.)Links to an external site. approach to meetings (4-pagers are OK) and the two-pizza rule (Links to an external site.)Links to an external site..  I can’t stand powerpoint because thinking in bullets causes people to gloss over the details, aka the things that matter in the execution phase, so many meetings feel like the presenter is presenting a powerpoint mindmap which lacks a well-thought-out and detailed narrative.  The ability to write a four to six-page narrative demonstrates a commitment to the idea, the need for a meeting, etc. and prompts participation from others attending the meeting.


Andrew, I am seeing an increasing trend by many engineering (software, hardware, cloud, etc.) firms to create a distinction between TPMs (Technical Project Managers) and PMs (Project Managers). Personally, I support the trend because I see it becoming increasingly difficult for a non-technical PMs to demonstrate value; wrangling the developers is getting harder and harder when you lack a well-calibrated bullshit meter.

A quick Indeed search for “Technical Project Manager” yields 1,355 jobs (, a search for “non-technical project manager” yields 7 jobs (, and a search for “project manager” yields > 300K results. I think many engineering companies are listing PM roles, but interviewing for TPMs. What do you think?

With regards to QCI do you think the issues at QCI are fixable via the PMO without major organizational and cultural changes? QCI’s business seems unfocused and uncommitted to a particular market segment. What do you think?


Job Search | Indeed. (n.d.). Retrieved November 18, 2018, from

IMO the worst kind of meddling is at work here; empowerment with a lack of executive direction and commitment. QCI suffers from executive expectations with the facade of empowered employees, but the expectation that it will just happen without executive leadership is painful to read. Executive leadership needs to focus the organization and ensure that all QCI employees are working towards the vision and mission of the company; culture starts at the top. If the target market, vision and mission of the organization are not crisp, everyone’s job becomes significantly more difficult.


Hubbard, L. (2018, June 26). Why Is Identifying the Target Market so Important to a Company? Retrieved November 18, 2018, from

Dr. Knight, IMO time is the enemy here.  QCI is not in a situation where things will get better with time, they are also not in a situation where they can make incremental changes and wait and see. QCI has a fractured culture that needs to be quickly addressed. Executive leadership needs to marshall change here, identify departmental leadership who is onboard with radically changing the culture and remove any bad actors from the business. The changes need to be swift and effective.

Scott, what are the PMs pushing? It’s hard to push everything. IMO if there was organizational alignment the PMs would be viewed as contributors, but because there is a lack of organizational alignment each division is trying to create and protect their individual agenda, this puts the PMO and PMs in a horrible situation. I would first drive to achieve broader organizational alignment and focus, this will require engagement from executive management. In parallel, I would look at reorganizing the PMO by making the PMO a standards body and aligning individual project managers with different areas of the business (R&D, engineering, marketing, etc.). The mission and vision should govern the direction of the organization, project prioritization, etc., not the loudest LOB or PM.

Scott, I can appreciate your perspective here and I clearly don’t have the details on the situation you wrote about. The broader questions I would ask are as follow:

  1. Is the PM willing to accept the responsibility of failure for the project? If so this has to be incredibly clear and the VP has to ensure that others entrust he/she as much as they do
  2. While being a hard charger who takes charge of a project is a great quality, a PM also has to be able to build constituency and garner buy-in from stakeholders. It’s nearly impossible for every decision to be the right decision, acting unilaterally can create some real challenges.

IMO PMs need to be organized hard chargers, it’s their job to marshall the project and the resources.

With this said PMs also need to be good politicians and leaders.    There is no magic bullet, I have worked on projects with great PMs who garner support from all stakeholders and manage expectations well with little technical acumen.  I have also worked with hard-charging PMs who don’t politic well and what I will say is no one is that on their game, so you end up with resources and stakeholders waiting for a miss so they can exploit it.  My advice is to be good at what you do, but do underestimate being likable.



[google-drive-embed url=”” title=”Bocchinfuso_FIT-MGT5154-Week4_Assignment_20181117″ icon=”” width=”100%” height=”400″ style=”embed”]


4.5 Final Exam Results

Score for this quiz: 116 out of 120

FIT – MGT5154 – Week 3

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Why was it so difficult for Rose Industries to implement project management prior to John Green coming on board?

“Rose Industries believed in inbreeding.” (Kerzner, 2017, p. 59). This is another way of saying they had an organization with a deep belief in organic growth; hire at the lower levels of the organization and grow leadership through the ranks. The challenge with this is how to infuse fresh ideas into the organization. Rose Industries also demonstrates an unhealthy approach to organic growth. This is evident in that the policy for professional development is “Take a vacation and pay your own way.” (Kerzner, 2017, p. 59) While Rose Industries valued organic growth they made no investments in educating their employees, this all but ensures that the approach of the organization and growth would stagnate.

Rose Industries didn’t believe in project management, their information systems were outdated or did not fit the business need (Kerzner, 2017, p. 60), but because of the commitment to legacy thinking, these problems only came to light as the result of the business beginning to fail.

As per the case study there is no indication that Rose Industries ever implemented project management, they didn’t believe in it before John Green was hired and Rose International’s dysfunction led to John Green’s resignation.

Was Green correct in his four components of a good project management culture?

Yes, I believe that Green was correct in his identification of communications, cooperation, teamwork, and trust as four key components of a good project management culture. (Suda, 2007)
Project management was nonexistent at Rose Industries. The lack of modern and applicable information systems made communication difficult. There was a misguided WIIFM (What’s in it for me?) factor that had broken down cooperation and teamwork within the organization. Lastly, there was a general lack of trust within the organization.
I think John Green needs to focus on pivoting the motivation from WIIFM to WIIFU (What’s In It For Us?) (Chien, 2011)

Was Green too optimistic with his four-step approach?

This is an interesting question. On the surface, John Green’s five-year plan does not seem unrealistic, overly aggressive or optimistic but with forty-five years of history inbreeding, a dysfunctional culture steeped in organic growth and a static mindset there are huge obstacles to overcome.
Hiring PMP qualified external resources to build and empower a PMO within an organization that has not traditionally hired top-level external talent and empowered them and discouraged internal employees from obtaining the PMP designation will be a challenge. I question the ability to execute the four-step plan, without a more basic plan to pivot the organizational culture.
According to Heerkens, a supportive organizational culture has the greatest influence on the successful implementation of a project management culture and yet it is the hardest fulfill. (Heerkens, 2000) The organization culture is killing Rose International, yet there is little desire to change.

What is your prognosis on Rose’s chances to remain in business?

While I think the plan presented at the executive staff meeting should have been far more basic in terms of establishing communication and trust the reaction of Rose International executives and the lack of any desire to change the course of the organization given the clear trajectory of the company points towards a grim prognosis. John Green’s resignation and the executive staff commitment to a strategy that is clearly not working leads me to believe that Rose Industries will eventually cease to exist.


Chien, C. (2011, February 15). From WIIFM To WIIFU: Effective Communication to Your End-Users and Stakeholders. Retrieved November 11, 2018, from

Heerkens, G. (2000). How to: implement project management in any organization. Paper presented at Project Management Institute Annual Seminars & Symposium, Houston, TX. Newtown Square, PA: Project Management Institute.

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Suda, L. V. (2007). The meaning and importance of culture for project success. Paper presented at PMI® Global Congress 2007—EMEA, Budapest, Hungary. Newtown Square, PA: Project Management Institute.


Scott, remember that while Blockbuster was resistant to change they also had a financial driver that they could not overcome. In 2000, 16% of Blockbusters revenues were generated from late fees (Anderson, 2010), a revenue stream that would have disappeared in a move towards a subscription service. Rose Industries will like mee the same fate as Blockbuster but they may actually have more hubris than Blockbuster because I am not sure their organizational culture is being driven by the fact that they don’t know how to explain to wall street that they are giving up 800 million in revenue to pivot the business model.

Most people have heard some version of the Mark Twain quote “There is no such thing as a new idea. It is impossible. We simply take a lot of old ideas and put them into a sort of mental kaleidoscope. We give them a turn and they make new and curious combinations. We keep on turning and making new combinations indefinitely; but they are the same old pieces of colored glass that have been in use through all the ages.”

Rose International seemed to just not believe in ideas, hire those who can be fully assimilated, provide them with no outside education, etc. Not sure how much more messed up an organizational culture could be.


Anderson, M. (2010, September 23). Hubris – and late fees – doomed Blockbuster. Retrieved November 10, 2018, from

Brandolyn, you point out knowledge as a missing component for a good project management culture, but doesn’t John Green address this by planning to hire PMP certified individuals from outside the company?

I also found it interesting that Ralph Williams understood how serious the issue was and that Rose Industries needed a CIO to drive innovation, develop methodologies and build a PMO for project governance yet there was no real executive team commitment demonstrated beyond the decision to hire a CIO. I was equally surprised that John Green a 20-year veteran with one of the largest IT consulting companies int he world would take a position where he would have to sell stakeholders on his vision after he took the role, sure it happens but senior level executive will typically identify objectives garner executive team stakeholder buy-in on their strategy and understand execution runway before accepting a position.

Dana, I would call the culture at Rose Industries oppressive rather than conservative. Rose Industries believed in one way, their way. I believe the reason people paid for their own training is the probability that someone would leave this hellhole was pretty high. Rose Industries preferred assimilation over education.

I suppose if you were willing to accept the Rose Industries way, and agree to never have an original thought you could rise through the ranks, sounds scary, but I can assume that some benefited from it. I can only hope that Rose Industries will go out of business.

“It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” – Warren Buffett

Build and protect trust, heed the warnings to address and correct things that might impact your reputation or trust long before you have to worry about regaining it because once you need to reestablish your reputation and trust it’s too late.


FIT – MGT5154 – Week 2

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Do projects go from green to red overnight? If they do, what is the likely cause?

“Projects do not go from “green” to “red” overnight.” (Kerzner, 2017, p. 46) Projects are typically on a trajectory that takes them from “green to “red”, the road to red is littered with early warning signs depicting this negative trajectory which are either not well understood or ignored. It is the role of the project manager to identify and understand the signs of a failing project and alter its trajectory before it fails.

Should a firm-fixed-price contract have been awarded from the ERP effort?

Based on the case study I think the answer to this question would be, no. I would also agree that a firm-fixed-price contract for an ERP (Enterprise Resource Planning) implementation effort is very risky given the size and scope of a typical ERP implementation. “The key to a successful fixed-price implementation is having the deliverables clearly spelled out in the agreement.” (Should You Choose A Fixed-Fee Cloud ERP Implementation, 2014) Because of the size, scope, the number of stakeholders involved, etc. in an ERP implementation the probability of cost and time overruns is high.

With this said I think that an ERP project in the modern SaaS era can be successfully scoped and delivered in a firm-fixed-price model. More and more customers are willing to go from zero to something using cloud-based ERP systems such as SAP HANA, Infor, NetSuite, etc. In these scenarios, it is possible to write and control a tight scope and deliver value to the customer.

Successful execution of a firm-fixed-price (FFP) contract relies on establishing firm requirements for new systems and developing and implementing solutions using mature technology, design, and implementation techniques. (Callaway, Hastings & Moeller, 2018) This was not the case for the engagement between Mannix Corporation and Prylon. If the ERP system was being the deployed as a SaaS solution, or a well-defined greenfield build rather than the multi-vendor, multi-application integration project that Mannix was attempting to execute on, a firm-fixed-price contract may have been appropriate.

What is the ultimate goal of a recovery project?

The ultimate goal of a recovery project is to assess, reset and restart the project with the objective of closing our the project and delivering the maximum value to the customer. To do so, the project manager (Jerry) must understand in detail what has occurred in the project to date, redefine the project scope, reset and manage stakeholder expectations, lift the project teams morale, restart and execute. The successfully execute the recovery project the project team must operate transparently, communicate, heed the warnings of past mistakes, metric progress, function as a team and stay positive.

Do stakeholders expect trade-offs during recovery?

It is the job of the project manager and the project team to ensure that the stakeholders expect tradeoffs during recovery. In the case study, Jerry does a good job of identifying trade-offs, developing a game plan and presenting these trade-offs to senior management at Prylon. Jerry presents what I will call the quadruple constraint of time, cost, value, and scope. Honestly, this is the First time I have seen these four constraints referenced like this. Typically I see either the triple constraint model (cost = f (scope,time)) or the value triple constraint model (value = f(scope,capability)) used. (Baratta, 2007) I am a huge fan of the value triple constraint because I agree that the measurement of the expected and actual business success of a project is more important than just the ability to meet a cost and budget target. Focusing on cost as a function of scope and time is a horrible starting point for setting expectations and delivering project value. We know these projects are dynamic, as is the case for so many technology implementation projects today, I believe this is why we have seen a shift from waterfall to hybrid to agile project frameworks. (Hartman, Griffiths, Rothman, Fewell, Kauffman, Matola, & Agile Alliance, 2018)


Baratta, A. (2007). The value triple constraint: measuring the effectiveness of the project management paradigm. Paper presented at PMI® Global Congress 2007—North America, Atlanta, GA. Newtown Square, PA: Project Management Institute.

Callaway, M., Hastings, S., & Moeller, A. (2018, March). Applicability of fixed-price contracts for successful cost control. In 2018 IEEE Aerospace Conference (pp. 1-16). IEEE.

Hartman, B., Griffiths, M., Rothman, J., Fewell, J., Kauffman, B., Matola, S., & Agile Alliance. (2018, September 18). What is Hybrid Agile, Anyway? Retrieved October 31, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Should You Choose A Fixed-Fee Cloud ERP Implementation? (2014, March 27). Retrieved October 31, 2018, from


Scott, good news.  I don’t think we disagree, I think it’s more philosophical than a simple disagreement. 🙂 I believe projects go from green to red in an instant from a perception perspective, but in reality, it’s not really how it happens. The number one place I see projects go from green to red is when the SoW (Statements of Work) is signed and passed from the sales team to the delivery team. We create scopes that more often than not define workstreams and deliverables, as the author of these SoWs we make assumptions, interpretation is often subjective and often steered by someone who wants to get the deal signed, this is where the project started going awry. The warning signs could not have presented themselves any earlier in the project. In the time it took the customer to sign SoW lathered in misset expectations the project went from green to red, and it hadn’t even started. I believe all the unforeseen issues, that happen “out of the blue” were foreseeable in the scoping process.

In your Toyota example, the project was red before it even started. I don’t believe in mistakes, only decisions that have poor outcomes. The stars were aligned in this example to make a quick decision, not do exhaustive due diligence, possibly to obscure some facts, everyone wanted the fast track, and they wanted the project to succeed, but hope is not a strategy.

Who knows, maybe it was an election year, maybe Toyota coming to town, the economic growth, public sector job growth prompted that late-night cell phone call where both Toyota and the politicians decided that they should obscure this little tidbit and push forward, knowing they would have to address the spring pygmy sunfish in the future. Yes, it seemingly went from green to red overnight, but did it? 🙂

Andrew, the poorly designed and constructed infrastructure dependency, I know it far to well, so often obscured during the discovery phase.

I liken the know of obscured/excluded infrastructure details to painting the street signs with different names at “Wimp Junction”. 🙂

The emergence and adoption of DevOps, cloud, etc. can be traced to the infrastructure dependancy you describe. Composable infrastructure, commodity hardware, cloud allow for infrastructure agility and elasticity which enable quickly adjusting to changing needs.

Release cycles give way to, canaries and blue-green deployments, and the focus is on iterating and automating recovery rather than rigid release cycles and testing which provides a false sense of security that a release is tested, production ready, etc.

I don’t do recovery projects.  I’ve run a sizable service delivery business for the last 18 years, and I have a simple rule, don’t rush me.  I am here to protect you from yourself, yes there are knobs we can turn and levers we can pull, but my scope will be comprehensive, and if I have dependencies like infrastructure requirements they will be called out in my scope. Measure five times cut once, and oh yeah, I am happy to walk away.

Want a fixed pice scope, probably going to be a rigid waterfall project, that I’ve executed a thousand times, in a greenfield environment where I own all the dependencies, have total trust and partnership from the stakeholders, etc… I will deliver on time and budget. If the scope is more nebulous, I will still estimate the project based on experience, defining epics and stories, assigning story points and calculating an estimated cost. We keep the sprints to a max of two weeks, holding daily standups and tracking burndown closely.

Andrew, excellent post, as usual. I agree that a project can go from red if there is an SME that somehow evaporates from the project and now the project t is FUBAR because a major dependency can’t be satisfied. But as you point out the projected started yellow, because you had a major dependency in the project which relied on a single SME, no one asked the question “What happens if Johnny gets hit by a bus?” I hear it all the time among salespeople, I talked to so and so and he knows this tech why can’t we well a project? I don’t like were in this business because we have a guy/gal who knows the tech, that’s not a business, it’s not if your gonna get burned, it’s when.

The aviation reference reminded me a speaker I saw a few years ago, John Foley a lead solo Blue Angel pilot (Links to an external site.)Links to an external site.. In John’s speech, he talks about the importance of the mission debrief and OODA (Observe, Orient, Decide, Act) loops (Links to an external site.)Links to an external site.. Instrumentation and redundancy are great, the ability to ingest diagnostics information, process it in real-time and adjust is obviously critical when flying a fighter jet, but this sort of skill is an advantage for anyone who is capable of mastering it. What I found really interesting about the John Foley speech was his focus on the debrief and the importance of continuous improvement, this is really about not only ingesting information in processing it in real-time but looking at the data during a debrief and using it to improve.



[google-drive-embed url=”” title=”Bocchinfuso_FIT-MGT5154-Week2_Paper_20181104″ icon=”” width=”100%” height=”400″ style=”embed”]

FIT – MGT5154 – Week 1

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

What is the critical issue with the Clark Faucet Company case?

  • Clark Faucet had a consumer product line which placed manufacturing focus on artful design which drove a higher price while their marketing efforts and customer based was commercial focused where cost was the key driver. (Kerzner, 2017, p. 7)
  • Clark Faucet had a noncooperative culture. Engineering and marketing did not work collaboratively and their relationship was adversarial. Any attempt to create project or program teams failed which led to a fractured organization, unilateral decision making and fiefdom building. (Kerzner, 2017, p. 7)
  • Ultimately this boils down to a lack of communication, strategy, focus, and prioritization.

What can be done about it?

  • Regroup, reset, and recognize that the adversarial relationship which had developed between engineering and marketing is the direct result of Clark Faucet not knowing who they are as a company. Clark Faucet needs to find their true north, focus, set priorities and execute. Designing, engineering, and manufacturing artful faucets in 25 different colors while marketing at tradeshows to commercial consumers which creates 375 projects with poor execution was not a result of marketing failing engineering or engineering failing marketing, but rather a poor corporate strategy due to an identity crisis.  Solve the identity crisis and a lot can be accomplished. (Kerzner, 2017, p. 7)

Can excellence in project management still be achieved, and, if so, how?

  • Yes! Excellence in project management can be achieved it merely requires focus, realistic expectations, and execution. I have not seen Clark Faucet’s SKUs, I don’t know Clark Faucet’s customer base, and I have not seen Clark Faucent’s financials, but I have seen Clark Faucet and I would be willing to bet that the “Pareto principle” (Links to an external site.)Links to an external site. is alive and well in their business. Recalibrating and focusing is probably easier than it seems.

What steps would you recommend?

  • Change the culture through executive leadership.  Mandates will not work, the culture is way past authoritative management, true leadership is needed.
  • Executive leadership needs to focus the organization on the 20% of the business that drives 80% of the revenue.
    • Is Clark Faucet a consumer or a commercial company?
    • How many SKUs should Clark Faucet design and manufacture?
  • Executive leadership needs to take ownership of the cultural problems which are largely the result of executive leaderships lack of a true north and breeding a culture of trying to do too much and doing none of it well.
  • Follow Jack Welch’s advice: “Great cultures deliver great numbers. Great numbers don’t deliver great cultures.” – Jack Welch
    • “Soft culture matters as much as hard numbers. And if your company’s culture is to mean anything, you have to hang — publicly — those in your midst who would destroy it. It’s a grim image, we know. But the fact is, creating a healthy, high-integrity organizational culture is not puppies and rainbows…  An organization’s culture is not about words at all. It’s about behavior — and consequences. It’s about every single individual who manages people knowing that his or her key role is that of chief values officer…” – Jack and Suzy Welch, Fortune Magazine Op-Ed

  • “Zone to Win” meaning realize that innovation and execution are different aspects of the business and you have to zone organizational resource and align objectives to win.

What obstacles exist in getting marketing and engineering to agree to a single methodology?

  • The biggest obstacle is the existing culture and adversarial relationship which has developed between marketing and engineering. Executive leadership needs to own this, clearly define the mission and values of the organization and empower chief value officers throughout the organization. If the vice presidents of marketing and engineering can’t get onboard they probably need to be publicly hung. IMO none of the higher-level cultural changes required to transform Clark Faucet can occur without a clear focus and the proper organizational structure.


Lastly, did anyone else find the juice the “procurement manager” had in the case study a bit overreaching and was anyone else as aggravated by the executive management approach here?



Denning, S. (2012, May 16). Jack Welch, GE, and the Corporate Practice of Public Hangings. Retrieved October 24, 2018, from

Irvine, D. (2015, July 23). Another Lesson From Jack Welch: Culture Is as Critical as Results. Retrieved October 24, 2018, from

Kerzner, H. (2017). Project Management Case Studies (5th ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Moore, G. A. (2015). Zone to win: Organizing to compete in an age of disruption. New York: DiversionBooks.

Thanks, Scott. This one was an interesting one for a couple of reasons. I am big on culture above all else and this discussion made me think back to our organizational behavior class. Interestingly enough I read an article the other day on Gizmodo entitled “Working at Netflix Sounds Like Hell”. (Jone, 2018) It’s funny how a few years ago the Internet and Silicon Valley was celebrating the Netflix culture and today the articles have shifted to likening the Netflix culture to hell. I am sure the 50/50 opinion rule is in effect here, the rule I try to live by as a leader is to always eat last. Like Simon Sinek says “Leadership is about taking responsibility for lives and not numbers.” As someone who served our country, I am sure you can appreciate this sentiment. I think this gets lost in business. Another great Simon Sinek quote that you’ll probably appreciate is from his Ted Talk “Why good leaders make you feel safe” and it reads like this “You know, in the military, they give medals to people who are willing to sacrifice themselves so that others may gain. In business, we give bonuses to people who are willing to sacrifice others so that we may gain.” (Sinek, 2014) In our rapidly changing purpose-driven culture I expect that the Netflix-esque cultures which are void of empathy will continue to come under fire.

  1. As for who should be publically hung, in order of priority:
    Executive leadership. The case study oozes authoritative executive management rather than leadership. This is apparent in the approach of mandating that the PMO solves what are obviously cultural issues. What we don’t know about Clark Faucet is if there is a board of directors or if it is a sole proprietorship with no one who can conduct the public hanging.
  2. The procurement manager, just because this person annoyed me in the case study and I think they need their wings clipped. No procurement manager should have this much juice. 🙂


Jones, R. (2018, October 26). Working at Netflix Sounds Like Hell. Retrieved October 28, 2018, from

Sinek, S. (2014). Transcript of “Why good leaders make you feel safe”. Retrieved October 28, 2018, from

Professor Knight, I think the sort of personal bonding you describe is an absolute requirement to develop high performing teams.  For the last twelve year’s I have made Presidents Club at my company, this is a boondoggle where “high performers” are taken to exotic destinations.  The first couple of years I turned down the event and in year three (2010), I was asked why I decline the invite, this prompted a Jerry Maguire style memo explaining that no one person holds this much value, that my job as a leader is to mentor others and I find the message that Presidents Club sends to be a negative one.  I went on to explain that the team is more important than rewarding any one individual, especially the leader who should be eating last.  This ended with my company taking the thousands of dollars they would spend on this trip for me and my spouse and allowing me to do a trip for my entire team, this has become something we have done for the past nine years and it’s part of our culture of inclusion, setting the expectation that we are in this together and that everyone is expected to work hard, of course, there are varying skill levels, but this has no bearing on value to the team because the expectation is that everyone is a rockstar in their give swimlane.

This year we held our annual two-day event in Atlantic City, New Jersey.  Two days of team bonding built around the idea of loving what we do.  Each attendee was required to build something using a Raspberry Pi (Links to an external site.)Links to an external site. and present why they chose the project, the development process and demo their creation to the team.  Here is a time-lapse video from the event:

Scott, I enjoyed reading your analysis.  Couldn’t agree more that there is a glaring lack of leadership at Clark Faucet.  I liked your commentary on scorched earth and the bat persuasion approach.  I was reminded of this scene from “The Untouchables”.

Maybe a company screening of “The Untouchables” is in order at Clark Faucet.


I am also reminded of one of my favorite documentary series, “The Men Who Built America” (Links to an external site.)Links to an external site. and a question I often ask myself “What would Henry Clay Frick (Links to an external site.)Links to an external site. do?”


Denise, I enjoyed reading your analysis, well done. Do you think that communication is the root cause or is the lack of communication and the adversarial relationship that exists between marketing and engineering really just a symptom of lack of an organizational true north, a lack of a corporate identity and subsequently the lack of a corporate culture? Is the critical issue not a lack of leadership and nonexistent corporate culture? The case study shows a clear inability by executive management to focus the company, wanting to serve both the consumer and commercial markets, but lacking scale to do so has created a culture vacuum where engineering is trying to figure out how to develop and sustain dozens of SKUs catering to a consumer market, while marketing is saying the commercial market and trade shows is where the revenue resides and engineering should be focused here. Not even sure what the procurement manager is doing, other than annoying me and probably everyone at Clark Faucet who are also wondering why this person has so much authority.

The root cause of the fracture in my mind is easy to solve, focus the company, jettison the focus on the consumer market and go all in on the commercial market. This is the fulcrum upon which executive management can pivot and establish a true north, reset the corporate identity and begin to build a culture of teamwork focused on a clear and common goal, to dominate the commercial faucet market. IMO without this level of executive focus and cultural leadership, a PMO will be totally ineffective.


Mary Jo Hatch, Majken Schultz, (1997) “Relations between organizational culture, identity and image”, European Journal of Marketing, Vol. 31 Issue: 5/6, pp.356-365,

FIT – MGT5155 – Week 8

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

Unlike Andrew who intelligently worked ahead, I have been just trying to keep up given my travel the last month or so. I live in New Jersey and in the last 30 days I have been to SFO four times, LAX once, SNA once, LAS once, CMH once, DUB once, CDG twice and LHR once. Today I arrived home on a redeye from SFO and Sunday night I fly to Heathrow. It’s been a long few months and at the moment my travel schedule looks the same through March 2019. I have really enjoyed the discussion post style in this class, I like the open-ended thought-provoking approach and the latitude it provided. I really feel this provided a great approach to develop the dialog and I have enjoyed reading and contributing each week.

“We Have Met the Enemy…”

Have We Met the Enemy? IMO, ABSOLUTELY NOT! The enemy lives in the shadows, we have met the threat, but not the enemy. We hypothesize on who the enemy might be based on the target, but in most case, we have not met the enemy. I really like this quote “the benefit of finding out just who is poised to attack you pales in comparison to finding out what they have an opportunity to attack.” (Robb, 2016) This is interesting to me from a few perspectives:

  1. Does knowing who the enemy is or meeting them offer a benefit? If so, what?
  2. What is the probability of identifying the enemy vs. identifying the vulnerabilities? Are we looking to answer the question of “who” before we answered the question of “what”?
  3. Do you focus on the intangible and arguably insignificant answer to the question of “who” or do you focus on the tangible and valuable answer of “what”?

We know that there is an increase in threats from nation-state hackers (Sheridan, 2018) and hacktivist groups like Anonymous (OConnell, 2016) but is relevant? Yes, the intent is relevant because a script kiddie just joyriding on your network is a lot different than a nation-state exfiltrating data. Yes, it’s relevant to know what you offer to a hacker, why you might be the target of an APT (Advanced Persistent Threat), to hypothesize on where attacks might originate because this might allow you to get into the mind of the attacker and thinking like the attacker can help you better prepare. With this said I think it’s important to realize that regardless of if it’s a nation-state of script kiddie looking to joyride the vulnerability was what they exploited; hedging a strategy based on who the attacker might be and the damage they might do is probably not the right decision.

Anticipating the “who” is like watching NFL game tape, it helps you prepare to read the offense so you can orchestrate a defense with a higher probability of success. While NFL players may not be better raw players as a result of sitting and watching game tape they are developing the edge that allows them to exploit the opponents’ vulnerability, hackers do this, but an unprepared or underprepared end-user (the human factor) is often what the hacker is betting on. The ability to read the defense or the offense comes from education. The ability for the end user to identify a potential phishing attack comes from education and vigilance. The difference between the opposing forces in the NFL and the hacker vs. the end-user is the hacker is far more invested than the end-user. We need to educate the end-user to realize that we live in an era where data is more valuable than oil, that they, the end-user, the human factor is the best defense or the biggest weakness.


de Bruijn, H., & Janssen, M. (2017). Building cybersecurity awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.

OConnell, J. (2016, September 13). 10 Most Notorious Hacking Groups of All Time. Retrieved October 19, 2018, from

Robb, S. (2016, September 30). Cyber Defense and the Unknown Enemy: 3 Best Practices. Retrieved October 19, 2018, from

Sheridan, K. (2018, February 29). 8 Nation-State Hacking Groups to Watch in 2018. Retrieved October 19, 2018, from

The world’s most valuable resource is no longer oil, but data. (2017, May 06). Retrieved October 19, 2018, from

Wright, K. (2012, March 01). Cybersecurity Roundtable: The Enemy is Unknown. Retrieved October 19, 2018, from

Andrew, I can certainly relate to your travel schedule, my past few months have been brutal as well. Glad to be nearing the finish line.

I agree with you that the enemy is the human factor. Let’s face it the internet is one giant honey pot and for those with skill, des, re and malicious intent, it’s the perfect storm of riches and anonymity. If we believe that data is the new oil, we (as individuals) often leave our most valuable asset (data) unprotected. While I don’t use dictionary words or l33t passwords, I don’t use single-factor authentication, etc. the average person puts their information on the information superhighway with an easy to remember l33t password, no multifactor authentication and they use that same password everywhere. Hacks, where user information is exfiltrated, allow the creation of huge word lists which can be used for dictionary attacks. There is a multiplier affect each time user data is exfiltrated because of our individual security practices.

The Target data breach is just plain scary. Why would an HVAC contractor have access to Target’s internal systems? Assuming they needed access for whatever reason why they would be given access to systems on a network segment which can route to their payment systems is just beyond odd. In the case of Target, it seems there was a massive technology architecture fail that occurred way upstream from the IPS/IDS events and SOC response.

The human element is by far the largest vulnerability in any system, old-school espionage is alive and well, social engineering is on the upswing and FOMO is not helping our security posture.


Kerbs, B. (2014, February 5). Target Hackers Broke in Via HVAC Company. Retrieved October 20, 2018, from

Passwords. (n.d.). Retrieved October 20, 2018, from

Kamelia, I agree, the biggest vulnerability being exploited by hackers is the uneducated or undereducated end user. But we have some real things to be concerned about when it comes to the human factor.

  • Rule #1: We have an entire generation entering the workforce which has been labeled the “Click Generation”. (Marcia, 2015) This generation (Gen Z) will eclipse Millenials in terms of economic power by 2020. (Morris, 2018) Like their pseudonym suggests they like to “click”, and they do it fast and furiously.
  • Rule #2: What’s email? Isn’t that for old people?
  • Rule #3: What’s a “preview” pane? Oh, something else for old people.

The world is changing fast, but there is some good here.
My kids who are both Gen Zers have no desire to use Windows or MacOS, they are either on their iPhone or Chromebooks. This is good and bad, In theory, because they don’t use thick clients a centralized security paradigm may be easier to architect and enforce. The ransomware we’ve come to know that attacks CIFS shares is made extinct via the extinction of the CIFS/SMB protocol. The bad news is the “Click Generation” oozes FOMO so the idea of slowing down clicking seems unlikely. Centralization creates a larger honey pot with a much larger blast radius. Only time will tell.


Marcia. (2015, July 27). Generation Z Coming Into The Workforce | Click Generation. Retrieved October 20, 2018, from

Morris, C. (2018, May 2). Gen Z will outnumber millennials by 2020. Retrieved October 20, 2018, from

8.3 Exam Results

Score for this quiz: 300 out of 300

FIT – MGT5155 – Week 7

The submissions for this assignment are posts in the assignment’s discussion. Below are the discussion posts for Richard Bocchinfuso, or you can view the full discussion.

“Pen Testing” or Penetration Testing is typically conducted by white hat hackers, also known as ethical hackers. In contrast to black hat hackers who attempt to hack, penetrate, exploit, vandalize, etc. systems the white hat hacker attempts to penetrate a system to identify vulnerabilities so they can be remediated. It is important to realize that vulnerability scans and penetration tests are not synonymous. Vulnerability scans are often automated and inspect systems for known vulnerabilities, while penetration tests focus on attempting to exploit a system, this can be any combination of attack tactics including both social engineering (hacking the human factor) and technical hacking (hacking the machine). (Barnett, 2017) A penetration tester acts as an attacker, adopting the mindset of the attacker. Penetration testers need to possess the technical skills to conduct attacks, but they also need the mind of an attacker. This is why we see famous black hat hackers like Kevin Mitnick running successful cybersecurity businesses like MitnickSecurity (Links to an external site.)Links to an external site.. The move from black hat hacker to white hat hacker is no different than the story told in “Catch Me If You Can” (Links to an external site.)Links to an external site. where Frank Abagnale Jr. makes the move from a check counterfeiter to FBI counterfeiting expert. Thinking like the individual you trying to protect against is key to being a good penetration tester. (CyberVista, 2017)

While penetration testing tools and toolkits are varied there is a process that most testers follow. This process is (Incapsula, n.d.):

  1. Planning and reconnaissance: Define the scope of the test and gather intelligence. During the planning phase, the tester would determine the testing method. Because penetration testing is an ethical hack the tester is given permission to try to gain access and exploit a system. Testing methods include:
    1. External Testing: Testing internet accessible assets from outside the internal network.
    2. Internal Testing: Testing internal assets which are not internet accessible, but that could be attacked but a malicious insider.
    3. Blind Testing: Test us, here is our company name.
    4. Double Blind Testing: Same as blind testing, but insiders and security personnel are not informed of the test.
    5. Targeted Testing: Insiders and security teams work collaboratively. This type of testing is valuable for training security personnel because the pen tester provides real-time information to the security team.
  2. Scanning: Static and dynamic target inspection. There are various tools to automate scans.
  3. Gaining access: Access system and exploit vulnerabilities.
  4. Maintaining access: Determine if access can be persistently maintained.
  5. Analysis: Compile the results of the penetration test.

Hacking has always been an important learning tool for me. Learning to exploit vulnerabilities can be a fun way to dig deeper into a particular technology and strengthen skills, it’s not always about exploiting something, the process of reverse engineering has often exposed details about a specific technology that I otherwise would not have investigated. I started hacking, cracking and phreaking the mid 1980s, back then I followed Captin Crunch (John Draper) (Links to an external site.)Links to an external site. and phone phreaked, today I am still a 2600 (Links to an external site.)Links to an external site. subscriber and I have added podcasts like Hak5 (Links to an external site.)Links to an external site. to my portfolio of edutainment. In the 80s I was really into BBSes (Bulletin Board Systems) (Links to an external site.)Links to an external site., online communities that pre-date the internet. FidoNet (Links to an external site.)Links to an external site. for life, but I digress, anyone who was BBSing in the 1980s knows that long-distance and exchange costs were painful; let’s just say the blue box (Links to an external site.)Links to an external site. was hard to resist. While I do love playing with application and OS exploits as well as WiFi hacking my current passion is RF hacking.

If you are looking for something to do with that old DirectTV mount I suggest repurposing it for for a high-gain WiFi antenna rig to supercharge your WiFi hacking. Here is a pic of my setup. 🙂

My RF hacking tool of choice is the HackRF One (Links to an external site.)Links to an external site. which I use for fun and to spread awareness of just how insecure the radio waves can be. My neighbors really love when I show them how easy it is for me to lock and unlock their car, pop their trunk, opening their garage door, and disable their alarm system; with their permission of course).

Like any good techie (hacker), my home office is filled with lots of RasperryPis (Links to an external site.)Links to an external site., multiple computers with my hacking machine running Parrot Linux (Links to an external site.)Links to an external site. as opposed to the more mainstream Kali (Backtrack) Linux (Links to an external site.)Links to an external site.. I am a fan of bWAPP (Links to an external site.)Links to an external site. aka a buggy web application to practice skills but I also use Pentester Lab (Links to an external site.)Links to an external site. and Hack This Site (Links to an external site.)Links to an external site. for learning. I have machines running in AWS and OVH, and a rack of equipment in my basement. There aren’t enough toys to keep me entertained.

With the explosion of edge technologies and the connected world, the attack surface continues to increase. Today we don’t just need to pen test the glasshouse data center but we have to worry about every edge device, many of which are manufactured with well know exploits. It’s well known that many low-cost Bluetooth can easily be hacked. @jasongorman recently posted the following tweet “Of all the responses by Facebook to some massive data breaches oh and then accidentally possibly helping to end Western democracy, ‘We want to put a webcam in every home’ seems to lack self-awareness” He is referring to the Facebook portal device (Links to an external site.)Links to an external site., and that idea that FB just gave up access to the information of 50 million users, maybe releasing a camera that people can connect to their Facebook account is a bit mistimed. I agree it seems to lack a certain sense of self-awareness or maybe Facebook realizes that the same number of people who read the terms-of-service will care about the hack and not buy the Facebook portal, maybe they are very self-aware and @jasongorman and I are just situationally unaware.


Barnett, P. (2017, December 20). Vulnerability Scanning vs. Penetration Testing. Retrieved October 12, 2018, from

CyberVista. (2017, April 24). Penetration Tester: The Secret Agent. Retrieved October 12, 2018, from

Incapsula. (n.d.). PENETRATION TESTING. Retrieved October 12, 2018, from

Pentester’s Guide to IoT Penetration Testing. (2018, July 02). Retrieved October 12, 2018, from

Christopher, it’s interesting, we hear a lot about how machine learning, deep learning, and artificial intelligence are being used to improve security offerings, everything from SIEM (security information and event management) to antimalware to next-generation firewalls. Cisco calls the use of artificial intelligence in next-generation security products the network intuitive, where the system continuously learns and develops intuition and the ability to infer intent. (Walker, 2017)

What few people realize is that machine learning, deep learning, and artificial intelligence is also being used by hackers. A project called DeepHack where the developers weaponize a machine learning algorithm. (BishopFox, 2017) The technologies for defenders and attackers are getting far more sophisticated, in the future, much will depend on how the user can leverage these underlying complex but powerful technologies. I believe penetration testers will have to learn how to use machine learning frameworks such as TensorFlow, MXNet, and PyTorch.


BishopFox. (2017, July 31). Bishop Fox Introduces Hacking AI “DeepHack” at DEF CON 25. Retrieved October 14, 2018, from

Walker, K. (2017, June 26). Introducing The Network. Intuitive. Retrieved October 14, 2018, from


Carmeshia, I enjoyed the post. The timing of your post is impeccable in the wake of the October 4th Bloomberg Businessweek article (Robertson & Riley, 2018) which stated that the Chinese government (military) was manufacturing microchips that were being placed on motherboards at Chinese factories that manufactured motherboards for Supermicro. The article went on to state that he motherboards went into servers which shipped to dozens of U.S. companies including Amazon and Apple.

Supermicro, Apple and Amazon (Schmidt, 2018) all issued statements of denial, stating that there is no evidence to support the claims made in the Bloomberg report. (Naughton, 2018)

This the truth is not clear here, what is clear is that a country (China) which is a major component manufacturer and a critical supplier to most tech companies has been linked to more than one nation-state attack with a well know cyberwarfare unit (PLA Unit 61398, 2018). Dr A. Theodore Markettos, a Cambridge University researcher, conducted an initial investigation of a key bit of the Supermicro hardware to see if the Bloomberg claim passed what he called “the sniff test” of initial plausibility. He concluded that the Bloomberg report does pass the sniff test. (Markettos, 2018)

Implanting malware on devices during the manufacturing process is nothing new, we’ve seen reports of malware being inserted during the manufacturing process on low-end Android devices (phones and tablets) for years. (Jones, 2018) I expect we haven’t heard the last on the Supermicro saga, it will be interesting to watch it unfold and see how major corporations like Apple and Amazon react.


Jones, R. (2018, May 24). More Than 100 Cheap Android Phones Found to Have Malware Preinstalled. Retrieved October 14, 2018, from

Markettos, T. (2018, October 5). Making sense of the Supermicro motherboard attack. Retrieved October 14, 2018, from

Naughton, J. (2018, October 13). The tech giants, the US and the Chinese spy chips that never were… or were they? | John Naughton. Retrieved October 14, 2018, from

PLA Unit 61398. (2018, August 12). Retrieved October 14, 2018, from

Robertson, J., & Riley, M. (2018, October 4). The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies. Retrieved October 14, 2018, from

Schmidt, S. (2018, October 04). Setting the Record Straight on Bloomberg BusinessWeek’s Erroneous Article | Amazon Web Services. Retrieved October 14, 2018, from


[google-drive-embed url=”” title=”Bocchinfuso_FIT-MGT5155-Week7_CaseStudy_20181014″ icon=”” width=”100%” height=”400″ style=”embed”]