You know the expression, "What got you here, won't get you there"? That is true of the transition from technical person to manager to leader. This companion course to MGT 512: SANS Security Leadership Essentials will give you one of the tools to be successful as a senior IT strategic planner.

Strategic planning is hard for people in IT because we spend so much time responding and reacting. Some of us have been exposed to a SWOT or something similar in an MBA course, but we almost never get to practice until we get promoted to a senior position, and then we are not equipped with the skills we need.

And we will practice in class to build those skills. Topics covered in depth include how to plan the plan, horizon analysis, visioning, environmental scans (SWOT, PEST, Porters etc.), historical analysis, mission, vision, and value statements, and then the planning process core, candidate initiatives, the prioritization process, resource and IT change management in planning, how to build the roadmap, setting up assessments and revising the plan. We will see examples, hear stories from business, especially IT and Security oriented businesses, and then work together on labs.

Business needs change, the environment changes, new risks are always on the horizon, and critical systems are continually exposed to new vulnerabilities. Strategic planning is a never-ending process. This is a hands-on, exercise- intensive course on writing, implementing and assessing strategic plans.

Author Statement

I had read about SWOTs for years, but was shocked at how difficult it was to create a strategic plan and get it approved. Some executives or auditors would say it doesn't look out far enough, others would say it isn't realistic to look out so far, some would say you are too bold, others you are too tame. One plan I did the heavy lift on went through 18 revisions and still only had mixed approval. I was reading everything I could on strategic planning and looking at published plans, and finally I saw the key - "plan the plan." It is the same basic notion as "plan the dive, dive the plan." It took six months, but I documented the entire process. I set up assessment gates for each part of the process and worked to get unanimous agreement on the strategic planning process; soon thereafter, I won approval for the plan. That is when I started thinking about developing this course, I didn't want anyone else to go through that level of frustration, or look that incompetent to senior IT management and the board. The goal of this course is simple, to give you the tools to create a repeatable, successful product.

-- Stephen Northcutt