PMP, InfoSec & Chan
easy to understand, lifetime to master

Chuan Lin, CISSP, PMP

What are these

• PMP
– Project Management Professional
• InfoSec
– Information Security Professional
• Chan
– A method of meditation that observes breathing and inner thoughts

What are their goals

• PMP
– To bring organizational process to anarchic projects
• InfoSec
– To bring about organizational information security in a chaotic business environment
• Chan
– To calm the mind through regulated breathing and inner perception

Why Chan

• Chan is both spiritual and practical.
• While spirituality is subjective, practicality is backed by science and study.
o Physical benefits – reduced blood pressure, bowel syndrome, and flare-ups in ulcerative colitis
o Mental benefits – increased creativity and prioritization, with reduced anxiety, depression and insomnia

What’s the Purpose

• Back in the Chinese Song Dynasty (around the 12th century AD), Chan Master Kuòān Shīyuǎn (廓庵師遠) mapped out the stages of Chan through poetry and images called the Ten Bulls.

• This is an attempt to demonstrate the systematic similarity among PMP, InfoSec and Chan through these ten stages.

Undisciplined

With his horns fiercely projected in the air the beast snorts,
madly running over the mountain paths, farther and farther he goes astray!
A dark cloud is spread across the entrance of the valley,
and who knows how much of the fine fresh herb is trampled under his wild hoofs!

猙獰頭角恣咆哮 奔走溪山路轉遙
一片黑雲橫谷口 誰知步步犯佳苗

Undisciplined
In Chan

Black Water Buffalo represents our moods and thoughts. Cowherd represents our conscious mind. When we first attempt to meditate, we find that our moods and thoughts are running rampant in our minds.

Undisciplined
In InfoSec

Black Water Buffalo represents a company’s culture and/or norms. Cowherd represents the InfoSec professional. A company without a security policy is like a wild buffalo running amok and unknowingly bringing harm to itself and those around it.


Undisciplined
In PMP

Black Water Buffalo represents the stakeholders in a given project. Cowherd represents the project manager. When a project manager initiates or inherits a project, he has to take control of the stakeholders, or else the project will go awry.

Discipline Begin

I am in possession of a straw rope, which passes through its nose,
at once it makes a frantic attempt to run away, but is severely whipped and whipped;
The beast resists the training with all the power there is in a nature wild and ungoverned,
But the rustic oxherd never relaxes his pulling tether and ever-ready whip.

我有芒繩驀鼻穿 一回奔競痛加鞭
從來劣性難調製 猶得山童盡力牽

Discipline Begin
In Chan

Straw Rope represents the disciplines that we use to calm our moods and thoughts. But it is not something we’re used to. Our body, moods and thoughts rebel against the rein that we’ve put on ourselves.

Discipline Begin
In InfoSec

Straw Rope represents governance, risk and compliance (GRC), along with the policies and standards that are imposed on a company’s culture. If these are not effectively conveyed, the buffalo will attempt to thwart the control of the InfoSec professional.

Discipline Begin
In PMP

Straw Rope represents the disciplines, guidelines, and rules for this project. The Project Manager uses it to rein in stakeholders. This is similar to the Storming stage of Tuckman’s Team Formation, whereas the previous slide (Undisciplined) may represent Forming.

In Harness

漸調漸伏息奔馳 渡水穿雲步步隨
手把芒繩無少緩 牧童終日自忘疲

Gradually getting into harness the beast is now content to be led by the nose,
crossing the stream, walking along the mountain path, he follows every step of the leader;
The leader holds the rope tightly in his hand never letting it go,
All day long he is on the alert almost unconscious of what fatigue is.

Source: http://www.santosha.com/philosophy/oxherdingpictures-3.html

In Harness
In Chan

The buffalo has turned white at its head, which represents the gradual control of our conscience over our moods and thoughts. At this stage, we begin to get a glimpse of tranquility.

In Harness
In InfoSec

The InfoSec professional has to win the support of top management. At this stage, the company may seem docile, but it does not fully embrace the need for information security. The InfoSec Pro has to lead and maintain tight control.

In Harness
In PMP

The Project Manager gains control of the stakeholders, who are slowly accepting him as their leader. But the PM still has to pay close attention to the stakeholders, because any negligence could release them.

Faced Round

日久功深始轉頭 顛狂心力漸調柔
山童未肯全相許 猶把芒繩且系留

After long days of training the result begins to tell and the beast is faced round,
a nature so wild and ungoverned is finally broken, he has become gentler;
But the tender has not yet given him his full confidence,
he still keeps his straw rope with which the ox is now tied to a tree.

Source: http://www.santosha.com/philosophy/oxherdingpictures-4.html

Faced Round
In Chan

An intermediate stage of meditation where moods and thoughts gradually recede. Our conscience still maintains a tight rein over our moods and thoughts.

Faced Round
In InfoSec

Now, a third of the company has adopted GRC and security policy as part of the corporate culture norm. The InfoSec Pro can now step away from enforcing GRC and security policy, which are still visible and viewed as a constraint.

Faced Round
In PMP

The Project Manager wins about a third of the stakeholders. Even though they seem compliant, the PM still needs to have the straw rope around as the means of control.

Tamed

綠楊蔭下古溪邊 放去收來得自然
日暮碧雲芳草地 牧童歸去不須牽

Under green willow by the ancient mountain stream,
the ox is set at liberty to pursue his own pleasures;
At the eventide when a grey mist descends on the pasture,
the boy wends his homeward way with the animal quietly following.

Source: http://www.santosha.com/philosophy/oxherdingpictures-5.html

Tamed
In Chan

Discipline is no longer a discipline but has matured into a part of our habit. Our moods and thoughts are calm for two-thirds of the time as we meditate. In Chan, we only need to spend a third of our time quieting our mind.

Tamed
In InfoSec

Two-thirds of the company has adopted GRC and security policy. By now, the straw rope is no longer needed; rather, it is gradually being absorbed, in parts, into the corporate culture norm.

Tamed
In PMP

The Project Manager has gained enough trust with two-thirds of the stakeholders that they no longer need to be reined in by the straw rope. In Tuckman’s Team Formation, we begin to see the transition to Norming.

Unimpeded

露地安眠意自如 不勞鞭策永無拘
山童穩坐青松下 一曲升平樂有餘

On the verdant field the beast contentedly lies idling his time away,
no whip is needed now, nor any kind of restraint;
The boy too sits leisurely under the pine tree,
playing a tune of peace, overflowing with joy.

Source: http://www.santosha.com/philosophy/oxherdingpictures-6.html

Unimpeded
In Chan

Our moods and thoughts are nearly calm during Chan. Outside of Chan, our moods and thoughts will not disturb us while we focus on our tasks.

Unimpeded
In InfoSec

Nearly ninety percent of the corporation has adopted GRC and security policy. The InfoSec Pro is free to work on other security-related projects and only needs to maintain casual contact to administer GRC and security policy.


Unimpeded
In PMP

The rapport between the project manager and the stakeholders has jelled to the point that they can dispense with the straw rope. This is not to say that rules and regulations are ditched. Rather, the PM and stakeholders are working so closely together that they are not hindered by them.

Laissez Faire

柳岸春波夕照中 淡煙芳草綠茸茸
饑餐渴飲隨時過 石上山童睡正濃

The spring stream in the evening sun flows languidly along the willow-lined bank,
in the hazy atmosphere the meadow grass is seen growing thick;
When hungry he grazes, when thirsty he quaffs, as time sweetly slides,
while the boy on the rock dozes for hours not noticing anything that goes on about him.

Source: http://www.santosha.com/philosophy/oxherdingpictures-7.html

Laissez Faire
In Chan

Our moods and thoughts have fully subsided, in Chan and in our world. Because there is no obstruction he has no fear, and he passes far beyond all confused imagination and reaches Ultimate Nirvana.

Laissez Faire
In InfoSec

Now that the company has fully embraced GRC and security policy as a part of its business culture or norm, the InfoSec Pro can be gone for a while and not worry about an information security breach.

Laissez Faire
In PMP

There is such trust between the Project Manager and the stakeholders that the former can be away from the project and nothing deviates. In Tuckman’s Team Formation, we begin to see the transition to Performing.

All Forgotten

The beast all in white now is surrounded by the white clouds,
The man is perfectly at his ease and care-free, so is his companion;
The white clouds penetrated by the moon-light cast their white shadows below,
The white clouds and the bright moon-light - each following its course of movement.

白牛常在白雲中 人自無心牛亦同
月透白雲雲影白 白雲明月任西東

All Forgotten
In Chan

Our moods and thoughts begin to transcend into our inner conscience. We experience a serene and benevolent state both in and out of Chan. In the 2008 US animation Kung Fu Panda, Oogway can be seen as having reached this stage and beyond.

All Forgotten
In InfoSec

GRC and security policy are all forgotten in the sense that they are fully absorbed into corporate norms. They do not restrain a company but allow it to move with greater certainty and confidence, as if it were travelling through clouds.

All Forgotten
In PMP

As the project nears completion, stakeholders no longer maintain their identities. They are assimilated into project closure. Their needs are met, and their support is concluded.

Solitary Moon

Nowhere is the beast, and the oxherd is master of his time,
He is a solitary cloud wafting lightly along the mountain peaks;
Clapping his hands he sings joyfully in the moon-light,
But remember a last wall is still left barring his homeward walk.

牛兒無處牧童閑 一片孤雲碧嶂間
拍手高歌明月下 歸來猶有一重關

Solitary Moon
In Chan

Our moods and thoughts are no more. Our inner mind emerges and we begin to realize that all things are impermanent. Our mind begins to awaken. But our body is not ready.

Solitary Moon
In InfoSec

Understand that GRC is not a permanent fixture but a cycle of change. Core ideas remain the same, but the physical means of protecting, layering and defending are ever changing. There is a loop of new threats overcoming old defenses, which in turn are remediated by newer security.

Solitary Moon
In PMP

The Project Manager, in closing out the project, reviews its charter and documentation. The project life cycle embodies the idea, “All things are impermanent.” There is an initiation, an execution, and a conclusion.

Both Vanished

Both the man and the animal have disappeared, no traces are left,
The bright moon-light is empty and shadowless with all the ten-thousand objects in it;
If anyone should ask the meaning of this,
Behold the lilies of the field and its fresh sweet-scented verdure.

人牛不見杳無蹤 明月光含萬象空
若問其中端的意 野花芳草自叢叢

Both Vanished
In Chan

At the final stage of Chan, we are ready to move on at the moment of our choosing, with both body and soul. By being empty of body and soul, we are able to contain myriads of things without being influenced by them.

Both Vanished
In InfoSec

GRC no longer sticks out as an inhibitor but serves as competitive leverage. Like a vitamin, it no longer exists as a distasteful pill. Its essence spreads through the corporate structure and strengthens information security.

Both Vanished
In PMP

The project is completed by meeting project objectives and by the requesters’ acceptance of the end results. Other than an archived record in the company, the project itself no longer exists. There might be the same project manager and the same stakeholders, but it will never be the same project.

Summary

• While there is no “Chan Professional”, there nonetheless exists a systematic mapping of Chan progress/stages that is no different from that of a modern professional system.

• In other words, current professional systems are no different from ancient schemas for bringing order to chaos.

Summary

• Again, the focus of the Chan Meditation demonstrated here is on the practicality that is both measurable and repeatable.

• Confucian meditation favored this form of Chan Meditation, whereas Taoism and Buddhism favored its spiritual aspect.

Summary

• Meditation is gaining traction among Western business elites as a means to cope with information overload and to find the center within themselves.

• Personally, my meditation borders between the Undisciplined and the Discipline Begin.