Senior Security Consultant
Dusty Anderson is a senior security consultant in Optiv’s identity and access management (IAM) practice, as a member of the Strategic Consulting Solution Area. In this role she specializes in consulting services related to IAM, including workshops, assessments, and during solution implementations works closely with Optiv’s clients to analyze and develop requirements and use cases that align with the client’s business needs, as well as the solution’s capabilities.
Avoid User in Training
Often when I’m onsite with clients, gathering requirements for an identity and access management (IAM) solution implementation, I’m asked, “What are some key things that we should do to help this implementation be successful?”
Clients are rarely prepared for the answer because it has nothing to do with the implementation. Implementations are becoming highly standardized in the approach of development, testing, go-live and post-production phases. With adequate support of project management, infrastructure, system admins, and the like, migration to production goes smoothly, the new IAM solution starts working, and everyone high-fives!
While that is great and we can all appreciate the hours of work and stress that go into reaching that moment, there’s another moment that usually takes even more preparation and can delay the first from happening if it isn’t considered soon enough: If the solution starts working, will any of your end users know how to use it? Because that moment – solution is working and the end user is using it – is the one truly worth celebrating.
If training and change management are started too late, it can delay your ability to go live with your new solution. End users are too often not thought about until the testing phase. When that happens, user acceptance testing (UAT) becomes what I like to call “user in training” (UIT). I compare it to passing a car with that “Driver in Training” sticker on it – I immediately want to be in another lane or section of the road far, far away! Similarly, it’s best to avoid user training during the testing phase for two reasons.
- This means the people that are testing the solution don’t know how it’s intended to work, so your ‘defects’ list grows as users make assumptions about functionality. At this point, you can spend tens to hundreds of hours chasing defects that are not “real.”
- You’re allowing people to train themselves in an environment that hasn’t been proven to work accurately so they may think something is an intended behavior and not recognize that a defect does exist.
All of this results in a defect log that resembles a whack-a-mole game, at which point your engineers beg for solution-trained testers.
When should you start your training and change management communication and strategy? ASAP!
- Invest in administrators that have experience with the tool, or send them to training to gain the knowledge they need before development begins.
- Allow lead time to build communication campaigns, training guides, sessions or webinars. If you have 300 managers in your organization, offer more than a few sessions of training.
- Partner with your vendor to offer onsite, in-depth training sessions to build better understanding and early adopters. This is more effective than simply emailing a quick user guide throughout your organization.
Investing in your end users’ experience builds your brand. End users will believe in the steps you are taking in innovation, security and efficiency, which breeds champions of change and makes your next implementation a welcomed event.