Defence Cyber Security Capability Improvement Program Management Office

WHAT

SYPAQ established and managed ongoing operation of the Cyber Security Capability Improvement Program Management Office (PMO) in 2016, successfully delivering an independent and integrated program of work on behalf of the Defence Chief Information Officer Group (CIOG). SYPAQ’s key focus was development of business cases informing prioritisation of investment decisions traceable from an individual benefit profile to CIOG Portfolio level benefits. This was underpinned by the development, implementation and management of architectures, gap analyses, program scheduling, stakeholder engagement and communications, change implementation and strategic planning of risk and opportunity. SYPAQ achieved this under governance of the CIOG Benefits Management Framework and associated tools establishing, monitoring and reporting on the CSCI program of work and identified real and achievable benefits as either cash or economic.

WHY

Due to resource and schedule constraints, the Defence CIOG engaged SYPAQ to provide support in delivering an independent and integrated program delivery capability that would address the requirements of the Cyber Security Capability Improvement Work Program. SYPAQ produced a consolidated view of program benefits highlighting interdependencies between projects and Business as Usual through life support. With the rate of change (both technological and threat environment change) within the Cyber Security domain, SYPAQ’s definition of benefits at the program level informed effective prioritisation and capability definition to meet current and emerging Defence CIOG needs.

HOW

SYPAQ provided specialist knowledge and directly relevant experience in the successful delivery of both Defence PMO services as well as demonstrated success in delivering complex ICT projects and programs across both Defence and other Federal Government clients. Through current involvement in a range of cyber security programs, the SYPAQ CSCI PMO understood Defence CIOG environment and provided early insight of the potential for change in Defence cyber needs and planned accordingly. This depth of expertise provided flexible and responsive services to Defence whilst providing resilience for surge for specific requirements. SYPAQ delivered business outcomes by being aligned to the CIOG Vision and Benefits Management Framework and applying strong business analysis and systems engineering processes to ensure traceability of requirements, business case and objectives, to benefits realisation and benefits plan.

Regarding benefit realisation, the SYPAQ PMO detailed and managed those that were to be had, when and how, as well as the benefit owner, necessary changes in business practices to achieve these, the role of stakeholders involved in those changes, the timeframe over which change will be implemented, realisation of benefits and subsequent harvesting of the benefit’s value and how they were measured, monitored and reported on. SYPAQ actively identified and managed who was influential in shaping PMO outcomes, whose buy in was highly critical to success, and those impacted, either positively or adversely from the change process. SYPAQ PMO status reporting tracked progress on key areas such as schedule analysis and dependencies, benefits realisation analysis (both cash and economic in accordance with required frameworks and the commonwealth procurement rules), lifecycle financial status, top risks and issues and those newly identified plus associated mitigations, and any scope changes and associated decisions.

The SYPAQ PMO performed the following services ensuring the CSCI program of work was successfully delivered:

  • Developed capability definition work including preparation of and development of Business Cases and statements of work for Cyber Security projects including capability requirements, functional specifications, engineering and solution architectural services;
  • Managed change to the CSCI work program in response to new or changing Defence cyber security needs;
  • Developed procurement documentation for the acquisition of Cyber Security Computer Network Defence capabilities;
  • Developed and maintained the CSCI Program schedule;
  • Monitored and reporting on the performance of the CSCI Program and the benefits realisation status including benefits variation relating to changes in the cash, economic and non-cash benefits expected to be realised for the program; and
  • Coordinated and undertook the secretariat role supporting Cyber Security Governance forums.