Category Archives: SAFe

Cyber Security 101 for Small Businesses

If you’re a small business, the world of cyber security can be very overwhelming and intimidating.  There are infinite articles you can read about, a long list of cyber security maturity frameworks and concepts you could try to learn, and an overwhelming feeling that you can’t possible actually defend yourself from the hackers all over the place!

Cyber is a big, complex thing that is hard to do — if you’re looking to better defend your organization and you don’t know where to start, I recommend this approach:

  • Read the Center for Internet Security’s (CIS) CIS Controls, as they’re a great list of security controls (fancy way of saying todo items) that are already in priority order — so you start at #1 and just keep working your way down the list.  Here are the top 5:
    1. Maintain a current list of all the IT hardware (equipment) you use
    2. Maintain a current list of all of the software applications you use
    3. Invest in, and use frequently, a vulnerability scanning tool (e.g. Tenable.io) to identify security holes and then go fix them
    4. Limit who within your organization has Administrative Access.  Instead limit the access to only those who must have it, and then track who has it and who is using it to do what when.
    5. Configure IT equipment securely and monitor the configuration to ensure these configurations are being changed — for example, you may use an imaging solution to push out a consistent, pre-configured image of Windows 10 for new employee laptops and then use a device management software (e.g. Microsoft SCCM) to monitor the configuration across your organization
  • If you’re ready to keep digging in, read the NIST Cyber Security Framework (CSF), give yourself a red/yellow/green score on each of the 5 core domains and then focus on improving on the areas you think are the best return on your time and money
Advertisements

Interview with Tom Cagley re: Scaling Agile

I recently chatted with Tom Cagley on the Software Process and Measurement Podcast (SPaMCAST) about some of my experience helping scale operations at Halfaker using best practices from various business books (e.g. Good to Great), frameworks (e.g. CMMI), techniques (e.g. Agile Scrum), and tools (e.g. JIRA).  I really enjoyed our discussion on why I was excited to JIRA, a tool that is not very opinionated, so we could configure it in some specific ways for individual Halfaker departments and projects.

The SPaMCAST is a great resource for learning more from great thought leaders in the Agile, Process Improvement, and Software Engineering world. Check out the interview at:

And if you’re looking for a Podcast app recommendation, check out Castro for iPhone/iPad.  It has this great “Inbox” concept (works like an Agile backlog, where you can accept things into the backlog and then prioritize/re-prioritize them.

Books, Podcasts, and Conferences related to Designing Great Organizations

Here’s a list of books, podcasts, conferences, frameworks, methodologies, models, and other resources related to designing and building great organizations that I think are worth checking out.

If you have any recommended additions, please email or send me a tweet.

Books, Frameworks, and Standards

Resource

Key Takeaways

Additional References, Summaries, Notes

The Scrum Guide
  •  Defines Agile Scrum implementation, including relevant ceremonies (meetings), roles (Product Owner, Scrum Master, and Team Member), and information radiators (tools)
  • David Anderson gave a great keynote at the CMMI Capability Counts 2017 conference — Kanban is often over-simplified for people who don’t appreciate the whole concept
  •  The Amazon reviews complain about the Kindle version of this, but I’m guessing they’re using the traditional Kindle — the figures look great on my Kindle Fire
Scaled Agile Frameworksafe-logo.PNG
  • Framework for scaling Agile practices to teams of over 50 people
  • Combines best practices from several other sources (e.g. Lean, DevOps, Scrum, Kanban) along with some good tactical recommendations, such as investing in a 2 day, in-person planning events every quarter for the whole team (Program Increment Planning)
Disciplined Agile (DA) process decision framework

DA-logo.PNG

  • Map (analyze) your operation, find the worst bottleneck, resolve it, and repeat
  • Optimize the system, not locally (don’t try to keep each individual machine or person “busy” or productive; instead focus on optimizing the whole system)
  • This is a classic book, written as a fictional story to teach the concepts of the Theory of Constraints
  • Note: A graphic novel version of this was recently released, which sounds interesting
  • Teaches the mindset and concepts of DevOps and why DevOps is so critical to increasing organizational agility
  • Quality Management standard, originally focused for manufacturing organizations, that provide a template on how to define best practices related to ensuring Quality in your organization’s operations, leveraging concepts such as formalized surveys asking your customers how you’re doing
  • Significant overlap with CMMI PPQA, but has some unique practices
x
 
 
 
 

Podcasts

Podcast

Key Takeaways

Additional References, Summaries, Notes

Cover Image
  • Fascinating podcast by Reid Hoffman, where he interviews leaders who have scaled their organizations
Software and Process Measurement Podcast (SPaM CAST)

spamcast-logo.PNG

  • Tom Cagley interviews people related to process improvement and lots of related domains

Conferences

 Conference

Key Takeaways

Additional References, Summaries, Notes

Agile Alliance’s Annual Conference
LeanAgileDC
CMMI Capability Counts Conference
DevOpsDays

Serving Government Customers with SAFe Concepts

I recently spoke at the 2017 Capability Counts conference, put on by the CMMI Institute.  It’s a great event that isn’t focused just on CMMI maturity models — instead it’s a conference where a few hundred people get together to discuss process improvement, Agile, software engineering processes, and a variety of other related topics.

Here’s a packed room with Tom Cagley presenting on how to use storytelling to create better requirements:

Scaled Agile Framework (SAFe) is a great set of Agile and engineering best practices, pulling together great ideas from Lean, Scrum, eXtreme Programming, DevOps, and many others.  That said, I’ve found it to be a great mental model on how to structure large Agile programs and a useful of great ideas to pull from, rather than a framework to deploy entirely.  

I gave a presentation at the conference on some of the great ideas we’ve found in SAFe and how we’ve deployed them, while also giving a bit of a SAFe 101 for those interested.

Please note:  I’m not a SAFe certified trainer, nor do I speak on behalf of SAFe.