Category: Agile
Systems Thinking: Part 1
Common sense tells us different problems need different solutions, having a “systematic” way of evaluating new problems can help us avoid relying too fully on our assumptions and default response. Use this introduction to systems thinking to evaluate where your problems generally land on the Cynefin Model.
Systems Thinking Part One – YouTube
Using Project Management Disciplines to Improve Performance
I was asked late last year to write a white paper for Axelos on some of the reasons organizations might consider using disciplines from the PMBOK, from PRINCE2, and from Agile practices like Scrum to help them improve their project performance. It also became a nice opportunity to demystify some of the mistaken notions about each set of practices. Short summary: they work and play together very well, but require some organizational discipline, and should be adapted to meet the needs of any particular organizations.
Here is a link to the paper…I hope you enjoy it, and reach out to me if you have questions on how you might leverage these practices to help your organization improve its performance.
Best,
Patrick
Making IT Work episode 10: The Agile Mindset
If 2020 has taught us anything it is that We don’t know what we don’t know.
Welcome to the world of Agile. This year has offered the world the opportunity to learn the most important mindset lessons from Agile: listening, collaboration, progress toward solutions not fixed results.
The Agile Mindset is not limited to programming but should inform the culture of the entire business as Patrick von Schlag makes clear in this episode of Making IT Work: The Agile Mindset.
For another look at Agile please see The Great Convergence
NIST and the Art of Security Maintenance
Making IT Work: episode 9
I’ve been spending a lot of time this year working with clients beginning the long process of implementing security controls in support of the NIST Cybersecurity Framework. I’ve been feeling the need to share a few lessons learned from these early stage activities, and some implications for organizations as they progress.
- Adoption starts at the top! Organizations having the best success with the framework begin by gaining buy-in and commitment from the highest levels of the organizations; Boards of Directors and senior C-level management. Fundamentally, the value proposition of using a framework like this is in facilitating business-centered conversations, about risk, risk optimization, and investment prioritization.
Computer Security Signpost Showin - Business-side stakeholders need enough awareness of the Framework to collaborate. Ultimately the purpose of a Cyber Security Company is to enable and protect business workflows, business processes, and business information. All of these are owned by business side stakeholders; process managers, line of business managers, and customer relationship managers. These key stakeholders need to have a clear voice alongside risk and audit on how to best optimize the cost/risk/value balance and enable the organization to successfully deliver value to stakeholders. Extensive conversations between business leadership and security practitioners is absolutely essential…and these conversations must take place in business language and reflect business priorities. The NIST Framework provides the necessary language and structure to enable these conversations without devolving into technical jargon.
- An adaptive, Agile approach is necessary. Information security is necessarily always responding to new vulnerabilities, threats, risks, and issues. Security professionals benefit from adopting certain core Agile principles and practices in order to remain flexible and adaptive as the threat landscape evolves.
- The NIST Framework -really- is useful to any size organization, and adapts readily to the realities of small/medium sized businesses. Many of my customers are not huge enterprises and don’t have dozens or hundreds of personnel focused on the implementation of security practices. Many more of them, with tens or hundreds of employees, are more likely to “have a guy” who is tasked with “doing security.” Eventually one of the main benefits to using a framework like the NIST Cybersecurity Framework is to provide any-size organization with an approach to help organizations recognize that security is an organization-wide problem, that real-world constraints can and do exist, and that the most effective approach is to assess current capabilities and prioritize needs, with the goal to be establishing a functional beachhead that enables the organization to do with the most critical issues, then work using a process of continuous improvement to start iteratively chipping away at other capabilities.
As we continue to work to help organizations adopt and adapt this framework, I expect I’ll have a lot more to share. Remember, be willing to “win a little,” consolidate your gains, and do it again!
One of the resources we provide is free access to our online LinkedIn Mentoring Community, where interested professionals can ask questions, share links and information, and support one another in adoption and adaptation of the NIST CSF and various Informative References.
To gain access to the community, follow the link https://www.linkedin.com/groups/12376016/
Related posts: Agile as a Business Transformation Practice
Making IT Work episode 8 Customer Journeys: Onboarding
Making IT Work episode 8 Customer Journeys: Onboarding
Successful Onboarding starts in the previous Agree Phase of the Customers Journey. A clear chain of responsibility, whether a standard routine or a complete migration, needs a coherent process for both security and efficacy.
Minimizing risks and obtaining optimum outcomes in all 4 dimensions is the goal. Using communication channels proficiently and wisely reduces anxiety, minimizes work disruption, and helps new processes integrate with better goodwill.
Patrick von Schlag introduces the opportunities and pitfalls to onboarding in this week’s Making IT Work.
To see the rest of the Customer Journey please watch these episodes:
Making IT Work Customer Journeys: Offer part 1 and Offer part
Making IT Work Customer Journeys: Engage Relationships
Making IT Work Customer Journeys: Explore and Engage and Agree
Making IT Work episode 6 Customer Journeys: Offer part 2
Cost justified, competitive bids result from understanding both our customers and our own costs, capabilities, and services. What sounds like a confusing flood of information is laid into a coherent development plan walking you through service blueprinting, service interaction and bidding.
In this episode Patrick von Schlag takes a high-level viewpoint to discuss how Best Practice frameworks impact the design of service offerings and structure bid development. Among the components discussed are the
LEAN principles of the Value Proposition, cost and risks, and mapping value streams;
Agile development options, bottle necks, weakest links, MVP, iterative solutions, capabilities, enablers, feedback loops and the benefits of a pull versus push system;
Dev-Ops AB testing, canary releases and the new
ITIL 4 High Velocity IT principles integrating Design Thinking to improve customer experience and outcomes.
The Great Convergence
One of the spectacles of the past 20 or so years has been the competing approaches and frameworks for improving governance, streamlining workflows, and delivering services. Practices like LEAN, Agile, ITIL, DevOps, and even governance frameworks like CObIT all competed for attention in promising adopting organizations more efficient and more effective teams, better results, and improved quality and consistency.
Well, the winner is in…it is…drumroll…all of the above!
Each of these approaches brings with it native practices and capabilities, yet most organizations are by now seeing that the most appropriate approach was never an “either-or”, but of course a “both-and.” LEAN brought us a focus on value streams, waste identification, and creating continual improvement cultures. Agile practice like Scrum introduced lightweight approaches to requirements (focused on user experience through user stories, a core idea in design thinking), prioritization through the use of backlogs, and acknowledging the reality that we just don’t know what we don’t know, and that being adaptive as learning occurs creates better solutions and higher customer delight. ITIL established the focus on service delivery and value creation, over mere execution of processes, and encompasses how cross-functional we must act to support the collaboration models we need to operate as end-to-end service teams. DevOps leveraged many of the above practices to drive a focus on the value stream of delivery and deployment of IT applications, and improves the velocity of solutions while improving the overall risk management of IT through rigorous testing and validation, environment controls through infrastructure as code, and improving flow with feedback. Even in the updated version of CObIT, the focus is on integrating new sets of best practices into an overall IT governance and management framework that acknowledges the profound changes in how IT operates.
Implications: There’s a lot to learn…and real upside for organizations that make the effort.
Most IT organizations are trying to adopt some number of these core practices, but often without an integrated vision of how they will work together to gain efficiencies and improve overall quality of service. In our consulting practices, we often see siloed thinking from development or operations organizations, with concomitant inefficiencies and poor results. Rationalizing these practices together is critical to get the value you seek from any of them.
The good news: there are many successful approaches to making this work. Over the next few weeks we will be sharing a number of success stories from organizations that have successfully adopted and adapted these practices to improve their organizations.