Monday, 11 September 2017

Engineering Culture and Distributed Agile Teams

The latest InfoQ article from our team working on an approach for Distributed Agile Teams. The approach is based on a series of Questions, Virtues and Practices. This article looks at Engineering practices, tools, and Culture for Distributed Agile Teams and covers DevOps. Feedback is welcome as we crowd source additional content for our Distributed Agile Approach.

https://www.infoq.com/articles/engineering-culture-distributed



Saturday, 19 August 2017

Kanban Agile Method Update - (Kanban, Agile Scaling, and DevOps)

This week's Auspicious Agile video blog returns to the popular and evolving topic of Kanban.  We revisit this Agile method which continues to grow in popularity.  We will take a look at the basics of Kanban, along with how it is used with DevOps and Agile Scaling.



Want to check out the original Auspicious Agile video blog on Kanban?  You can find it here - https://youtu.be/4ksLe3qKa9o

Saturday, 22 July 2017

Overview of Singapore Global Scrum Gathering 2017


I attended and spoke at the #SGSIN Singapore Global Scrum Gathering 2017 this week.  It was a really good conference, and I enjoyed taking part in it.  Special thanks to the organizers and Scrum Alliance.  I will be giving a summary of my talks at the Scrum Gathering along with some video clips, and playlists of the talks.  I will also include some other noteworthy talks and events at the Scrum Gathering from my perspective.

One of my talks during the conference was on Agile and The Design Sprint, and was a talk explaining how Design Sprints connect Agile and Design Thinking.  I discussed experiences and experiments I have been involved in using different variations of the Design Sprint concept, particularly the Google Ventures variation defined in the book Sprint (Amazon Affiliate link).  Here are some of the highlights from that 20 minute talk:





The Auspicious Agile video blog on Agile and The Design Sprint can be found here.  The Youtube playlist that has video of the entire 20 minute session can be found here.

My other talk at the Singapore Global Scrum Gathering 2017 was on Distributed Agile Scaling and Leadership.  I shared on some of the work I have been collaborating on with three others in this area that is available for review and feedback in Gitbook format currently.  Here are some video clips from the session:






For those who would like to watch the full 45 minute Singapore Global Scrum Gathering session the YouTube playlist can be found here.

There were also many other great talks and sessions during the conference.  Here are some that I thought were interesting and noteworthy:

There was an impromptu Open Space Agility session with Daniel Mezick, which was quite informative and entertaining.  You can learn more about Open Space Agility (which was used to facilitate our Tuesday Open Space sessions for the conference) here.

DanielMezick Open Space

Thomas Friend had an informative look at how NASA uses Agile methods, and also gave some good clarification on the Agile Joint Strike Fighter (SAAB Gripen).

IMG_8305

Pete Behrens talk on Agile Leadership, and mistakes commonly made in Agile Leadership was also particularly informative.  I particularly enjoyed this talk as well because I believe leadership is a critical element in the successful adoption of Agile and Scrum.




If you want to see the materials for these presentations and others they should be made available here.  Of course a great part of every Global Scrum Gathering is getting to catch-up with new and old friends.  This conference was no exception:










Until next time,
Stay Agile!

Sunday, 11 June 2017

DevOps for Mobile Development

Continuing the Auspicious Agile DevOps series, this week's video blog takes a look at DevOps for Mobile.  We will take a look at differences from traditional DevOps, mobile DevOps tools, and challenges.



Saturday, 22 April 2017

Agile Scaling Round up


This week's Auspicious Agile video blog takes a look at an updated set of Agile scaling methods.  There is coverage from VersionOne's 11th Annual State of Agile Survey, which provides some good perspective.  Methods covered included SAFe, Scum-of-Scrums, LESS, RAGE, Disciplined 2.0 and many more (believe me there are allot).


Saturday, 25 February 2017

Taking a Look at Modern Agile



This week's Auspicious Agile video blog takes a look at Modern Agile created by Joshua Kerievsky.  Modern Agile goes beyond software development and applies to areas as broad as HR, Business Strategy, Product Development, and many more.


Friday, 10 February 2017

New Distributed Agile Framework



I am working on a new Distributed Agile Framework with my team mates +Hugo Messer  Savita Pahuja, and Arjan Franzen.  Our latest post can be found on InfoQ.  We welcome feedback and comments on the framework draft that we can incorporate as we iterate on our next version.

https://www.infoq.com/articles/be-agile-distributed-teams




Friday, 27 January 2017

DevSecOps Putting Security at the Heart of DevOps

DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore will both take place in February, and point to the trend toward merging DevOps and security, a combination called DevSecOps.

DevSecOps - the combination of DevOps and Security (or SecOps) - is a new trend making its presence known across the internet, industry and conferences.  With DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore coming up in February 2017 we take a closer look at this new trend.

DevSecOps puts security squarely in the middle of DevOps.  No longer treating security as an afterthought, or as a one time review in a traditional or waterfall project context.  So what is DevSecOps?  

DevSecOps.org says that “The mindset established by DevSecOps lends itself to a cooperative system whereby business operators are supplied with tools and processes that help with security decision making along with security staff that enable use and tuning for these tools.”  

The DevSecOps Manifesto defines:

  • Leaning in over always saying “no”
  • Data & security science over fear, uncertainty and doubt
  • Open contribution & collaboration over security-only requirements
  • Consumable security services with APIs over mandated security controls & paperwork
  • Business driven security scores over rubber stamp security
  • Red & blue team exploit testing over relying on scans & theoretical vulnerabilities
  • 24x7 proactive security monitoring over reacting after being informed of an incident
  • Shared threat intelligence over keeping info to ourselves
  • Compliance operations over clipboards & checklists

Shannon Lietz of DevSecOps.org also offers five foundational principles of DevSecOps:

  1. Customer focused mindset
  2. Scale, scale, scale
  3. Objective criteria
  4. Proactive hunting
  5. Continuous detection and response

Are practitioners and voices across the internet and social media supportive of DevSecOps?  Here are some of the opinions about DevSecOps:

According to TripWire.com contributor Tim Prendergast security professionals are now becoming viewed more as peers than simply approvers at the end of a project.  This is giving security professionals a seat at the table so that security can be more proactively addressed by teams.

CSOOnline looks at the variations of DevSecOps found in the wild - SecDevOps, DevOpsSec.  Jamie Tischart of CSOOnline likes the SecDevOps variation better as it “puts security first”.  CSOOnline has this to say about DevSecOps:

“The last one is DevSecOps. Literally, you can expand this to completing development, then reviewing and automating for security, and then deploying and operating. This articulation hopes to catch the security concerns before they are deployed to the world but are not as incorporated into the overall process as SecDevOps. Certainly DevSecOps has the benefit of focusing on security before introducing a vulnerability to the the wild, but it is not security-focused in every activity.”

TechBeacon also speaks to the many names which apply with the addition of names like rugged DevOps.  Chris Romeo in his TechBeacon article speaks of a perceived need for a standard name.

“This gives us a hint as to the disconnect that exists within security in DevOps. It’s still the wild west. There is no standard that defines security for DevOps, and the chances of a standard ever developing is small because different organizations are doing things their own way, and can’t even agree on a standard name. And while there is a standard for the secure development lifecycle (ISO/IEC 27034-1), few organizations are ever validated against it .”
In his Sonatype blog Derek Weeks posits that there is strong evidence that DevSecOps has picked up significant momentum in 2016.  Derek points to the November 2016 Gartner release of its report on DevSecOps.  Gartner’s inclusion of DevSecOps indicates that the trend is becoming mainstream, as Gartner’s focus is on mainstream technology topics and not early adoption topics.

Other voices in the conversation on DevSecOps range from private sector, to the open source Community with many conferences.  In the private sector HP notes that the inclusion of security into DevOps is a hot topic.  HP notes that the different terminology indicates that security is an addition to DevOps rather than an integral part of it (at least in the current state).

In the open source community there are multiple meetups on DevSecOps including one in Singapore and another in the US in San Diego.  The Singapore meetup description indicates that:
“DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it.”

The DevSecOps Dojo is another location on the Web for updates on what is happening in the world of DevSecOps including article updates and a DevSecOps Twitter feed.

A range of several recent (and upcoming) conferences also show how pervasive DevSecOps has become.  DevSecOps RSA Conference 2017 has support from DevSecOps.com, Sonatype, and RSA Conference. A previous DevSecCon recently took place in London, and will be held for the first time in Asia in February.  DevSecOps was also a featured topic at the recent 2016 IT Expo London.