Augmented Agile: Agile Behavior Meets Digital Engineering

1. Augmented Agile Delivery - Agile Behaviour Meets Digital Engineering Dave Norton Consortium for Information & Software Quality

2. It’s a Complex World – And Not Getting Any Simpler

3. We Need Continuous Delivery Of Features To Stay Ahead http://giphy.com/gifs/KW3nydTAyPaU0

4. Learning to Play on a VUCA Pitch Volatility Uncertainty Complexity Ambiguity

5. Understand How The Modes Relate and Interact Stacey Model The Theory Bit - Models Of Complexity The Cynefin framework

6. Adjust Your Decisions Making Process To Fit The Situation “Decisions without actions are pointless. Actions without decisions are reckless.” ― John Boyd

8. ©2019 CISQ 8 Building Information Modelling With BIM (Building Information Modeling) technology, one or more accurate virtual models of a building are constructed digitally. They support design through its phases, allowing better analysis and control than manual processes. When completed, these computer-generated models contain precise geometry and data needed to support the construction, fabrication, and procurement activities through which the building is realized.”

11. Digital Twins

12. So Augmented Agile Is Agile Plus ….. ©2019 CISQ 12 MBSE AI/ML Enterprise Agile Digital Twins Cyber Physical Systems SoSE DevOps Trustworth iness Ethics Bots Standards Big Data Social Theory Self- Determinati on Theory

13. So Augmented Agile Is Agile Plus ….. ©2019 CISQ 13 MBSE AI/ML Enterprise Agile Digital Twins Cyber Physical Systems SoSE DevOps Trustworth iness Ethics Bots Standards Big Data Social Theory Self- Determinati on Theory

14. Re-evaluating MBSE in the context of agile and digital twins to support complex business ecosystems from strategy to implementation. Tackling the problem of quality at speed, agile at scale with the correct application of relevant guidelines and standards to form a solid foundation to build on. ©2019 CISQ 14

20. Ontology

21. ©2019 CISQ 22 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled Model of Real World, But Not The Real World Ontology as a philosophical discipline aims at developing a system of general categories, the relationships between them and the rules that govern them which together form a theory of reality. OMG • Instances or objects • Classes • Attributes • Relations • Function • Restrictions • Rules • Axioms

24. ©2019 CISQ 25 < < s e r v i c e > > O r d e r <<s ervi ce> > Cust ome rgetTodaysStockLevel confirmCustomer getEstShipDate validatePay ment <<s ervi ce> > Pa ym ent Sto ckC hec k Inventory <<servi ce>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>Stoc kUp Date Order Management Customer Order Line Items Address BillingShipping Accou nt Pay me nt Met hod Domain Model Preparing Cancelled Fulfilled Digital Ecosystem < < s e r v i c e > > O r d e r < < s er vi c e > > C u st o m er getTodaysStockLevel confirmCustomer getEstShipDate validate Paymen t < < s e r v i c e > > P a y m e n t S t o c k C h e c k Inventory <<se rvice >> Stoc k <<Component>> Warehouse <<Service>> StockMan <<Component>>St oc kU pD at e Order Management Customer Order Line Items Address BillingShipping Acc ount P a y m e nt M et h o d Domain Model Preparing Cancelled Fulfilled < < s e r v i c e > > O r d e r < < s e r v i c e > > C u s t o m e r getTodaysStockLevel confirmCustomer getEstShipDate valid ateP aym ent < < s e r v i c e > > P a y m e n t S t o c k C h e c k Inventory < < s e r vi c e > > S t o c k <<Component>> Warehouse <<Service>> StockMan <<Component>>S t o c k U p D a t e Order Management Customer Order Line Items Address BillingShipping A c c o u n t P a y m e n t M e t h o d Domain Model Preparing Cancelled Fulfilled < < s e r v i c e > > O r d e r < < s e r v i c e > > C u s t o m e r getTodaysStockLevel confirmCustomer getEstShipDate va lid at eP ay m en t < < s e r v i c e > > P a y m e n t S t o c k C h e c k Inventory < < s e r v i c e > > S t o c k <<Component>> Warehouse <<Service>> StockMan <<Component>>S t o c k U p D a t e Order Management Customer Order Line Items Address BillingShipping A c c o u n t P a y m e n t M e t h o d Domain Model Preparing Cancelled Fulfilled A Digital Ecosystem Is A System of Systems Finance Health Retail Government

25. System of Systems – Net Centric Warfare – Where it all started 1 2 3 4 5 6

26. System of Systems – TeleHealthcare & TeleFitness Out Patient Mobile Device Telecommunication Network Healthcare ProviderCardiovascular Monitor Application Local Doctor Patient System Emergency Services

27. System of Systems – A Very Practical Example – Haiti Disaster Response OpenStreetMap Satellite Images 2000 Users GPS Aid Workers Event 12 H 24 H "Over just a few days, it saved me and my driver from getting lost twice, and the alternative would have been long delays. We are running fast trying to help people and your work makes it easier.“ Kjeld Jensen - Red Cross 1 2 3 4

29. ©2019 CISQ 30 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled Physical World Digital World Ontology Reflects Realty Realty Drives the Ontology

30. The Manifesto for Agile Software Development 1.Customer satisfaction by early and continuous delivery of valuable software. 2.Welcome changing requirements, even in late development. 3.Deliver working software frequently (weeks rather than months) 4.Close, daily cooperation between business people and developers 5.Projects are built around motivated individuals, who should be trusted 6.Face-to-face conversation is the best form of communication (co-location) 7.Working software is the primary measure of progress 8.Sustainable development, able to maintain a constant pace 9.Continuous attention to technical excellence and good design 10.Simplicity—the art of maximizing the amount of work not done—is essential 11.Best architectures, requirements, and designs emerge from self-organizing teams 12.Regularly, the team reflects on how to become more effective, and adjusts accordingly

31. When dealing with complex mission critical systems in a system of systems environment (Smart city’s, open banking, healthcare) it not always possible to have daily cooperation and Face-to-face conversation with the key stakeholders. Not good, but reality of life

32. MBSE

33. ©2019 CISQ 34 Model Based Systems Engineering Methods PracticesDecisions Implementation Frameworks CPS SoS Social Abstraction Algorithms Risk Support Process Syntax Semantics Viewpoints Ontology Authoritative Collaboration Planning Analysis Maturity Models Engineering Operational

34. MBSE TOOLS PEOPLE TRAININGEFFORT Modeling is a nice to have We don’t have the time Its vendor hype Its too complex Always ends up in analysis paralyses Its too formal and we need to be agile We don’t have the cash Requires Process/Org Change $ $ $ $

35. “MBSE is the old way, agile is much faster”

38. ©2019 CISQ 39 Model It Tom What will the performance be ? Cut It Joe We can run simulation against the model based on real data We can make an estimate from the design and architecture, then look at the MVP

39. ©2019 CISQ 40 Model It Tom What will happen if we change a component? Cut It Joe The model will show how the behavior and structure of the system will be impacted We can run a spike to look at the impact or even develop another MVP

40. ©2019 CISQ 41 Model It Tom How will we do threat analysis ? Cut It Joe We can red team and run threat model, and even use AI to look for new attack vectors. We can red team and review against the design and architecture, then verify the code.

41. ©2019 CISQ 42 Model It Tom What will be the total cost of ownership ? Cut It Joe We can assign operating effort and costs to the model then analyze the results. We can make assumption about the design and architecture, but will have to wait to the implementation to be sure.

43. “MBSE Models are to generic, you still need to write a lot of code

44. ©2019 CISQ 45 General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation LevelofAbstraction Business SolutionSpace HW&SW ProblemDomain Conceptual Gap MBSE Using General Purpose Languages All these models and we still get the requirements wrong, and I still have to write the hard code and tests. Automated Implementation Non-Automated

45. ©2019 CISQ 46 General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation LevelofAbstraction Business SolutionSpace HW&SW ProblemDomain Conceptual Gap MBSE Using General Purpose Languages Automated Implementation Non-Automated “What if we add domain information, and add quality and testing needs”

47. ©2019 CISQ 48 UML Profile for BPMN Processes BPMNProfile™ UML Profile for Enterprise Distributed Object Computing EDOC™ UML Profile for MARTE MARTE UML Profile for NIEM NIEM-UML™ UML Profile for Modeling QoS and FT QFTP Software Radio Components SDRP™ UML Profile for System on a Chip SoCP™ UML Profile for Schedulability, Performance, & Time SPTP™ UML Profile for Telecommunication Services TelcoML™ SES Management TelcoML Extension TelcoML-SES™ UML Profile for ROSETTA UPR UML Testing Profile 2 UTP2 UML Profile for Voice-based Applications Example UML Profiles

48. ©2019 CISQ 49 <<service>> Order <<service>> Customer getTodaysStockLevel confirmCustomer getEstShipDate validatePayment <<service>> Payment StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>>StockUpDate Order Management Customer Order Line Items Address BillingShipping Account Payment Method Domain Model Preparing Cancelled Fulfilled The Model is Marked up ready for transformation, Architect (Model element mapping ) Physical World System Model

49. ©2019 CISQ 50 Domain Ontology General & Domain Semantics General & Domain Graphical Notation Extended Meta-Model Conceptual Gap? MBSE Using General Purpose Languages MBSE Using Domain Specific Languages General Development Concepts General Syntax and Semantics Standard Meta-Model General Graphical Notation Automated Implementation LevelofAbstraction Business SolutionSpace HW&SW ProblemDomain Conceptual Gap Non-Automated Automated Implementation Non-Automated

51. “MBSE Models require centralized modeling and BDUF. It is Waterfull”

52. ©2019 CISQ 53 Event Window Event: Order Notification Active Order [validOrder] OrderNotification Event: Line Item Picked (1 of 3) Preparing Order Exit: [if hold false] RaiseEvent - OrderPrepared LineItemPicked (1 of 3) LineItemPicked (2 of 3) Event: Line Item Picked (2 of 3) Event: Line Item Picked (3 of 3) Hold LineItemOutofStock Event: Line Item Restock LineItemRestock Event: Line Item Out Of Stock LineItemPicked (3 of 3) Dispatch Event: Order Prepared [BillingSuccessful] Event: Billing Successful Order Fulfilled Event: Order Delivered OrderDelivered Cancelled Invoicing Customer Invoice Paid Entry: RaiseEvent – Billing Successful [non Account] OrderPrepared PaymentReceived Payment Squad Warehousing Squad Event: Payment Received Ready to Ship OrderPreparedDispatch Squad

55. “Models can not help when we are dealing with legacy systems”

56. ©2019 CISQ 57 WSDL Java/C# XML DB <asp:DataGrid id="DataGrid1" </asp:DataGrid> Scripts StockCheck Inventory <<service>> Stock <<Component>> Warehouse <<Service>> StockMan <<Component>> StockUpDate Order Management Legacy System Model Customer Order Line Items Address BillingShipping Account Payment Method Domain Model New System Model T T ERP AppsCRM T Legacy Applications Conceptual Model System Use Case System Use Case BuyerSupplier Send Order Take Order Send Order Error Receive Order Error Send Order Responce Recive Order Respone Dispatch Order EA Repository Architecture Viewpoints TechnicalInformation Implementation Logical Conceptual Business Model Repository

58. ©2019 CISQ 59 Questions • Is the goal clear? • Level of urgency • Who is involved? • Complexity • Information source • Potential bias • Frequency • Data presentation • Later justification ISO/IEC 42010 1. Understand You Stakeholders, Their Concerns and Questions

59. 2. Treat Digital Twins and Agile MBSE as System of Systems (SoS) Governance Challenge. • Directed — The SoS is created and managed to fulfill specific purposes and the other systems are subordinated to the SoS. The component systems maintain an ability to operate independently; however, their design and operationalization are subordinated to the central SoS goal. • Acknowledged — The SoS has recognized and agreed objectives, joint governance mechanism and resources for the SoS implementation; however, the supporting systems retain their independent ownership, objectives, funding, and development and sustainment approaches. • Collaborative — The component systems interact more or less voluntarily to achieve agreed upon central purposes. The central players collectively decide how to provide value and desired outcomes. • Virtual — The SoS has no central governance authority or a centrally agreed upon purpose for the SoS. Large-scale behavior emerges — and may or may not be desirable.

60. Acknowledged, Collaborative & Virtual - BUT NOT Directed Factors beyond your influence Factors you you can influence Factors you control Digital business model exist in a complex environment. • Pace of new technically • More cyber-physical devices • Ambiguity on regulation • Uncertainty of API strategies • Less time to respond • Less control over the value stream. • Lower barriers to entry allow new entrants and fast followers.

61. ©2019 CISQ 62 3. Mesh the Models for Optimum Decision Making — Mind the Gap Real-Time Transformation Models Models "Meshed" Policy Strategy Capability Programs Services Operations Capability Analysis Behavior Structure Organization Process Information Model Need to Be Linked; a Change In One Triggers Changes In the Others

62. 4. Adopt Architecture Runway For Major Models — Just in Time, Not Just to Late Core Models Architecture Story's Backlog Components, Frameworks, Libraries, Adaptors) Features Architecture Model Epics and Story's Local Sub System Models Product Backlog

63. 4. Adopt Architecture Runway For Major Models — Just in Time, Not Just to Late SAFe has the concept of MBSE. You can use MBSE without a enterprise agile framework, but it is harder.

64. ©2019 CISQ 65 5. Informal and Unofficial Knowledge Is a Factor — Go See 現場 (Genba) Knowledge Type Definition Unofficial Policy Actions that are carried out because they have become part of the group psyche but not documented policy Shadow Process Unofficial processes or sub-processes that are enacted in place of the official process Informal (Shadow) Organization Chain of command or structure used when the formal structure is deficient or where there's a desire to circumvent it Filling In the Gaps Knowledge on areas not addressed formally or addressed at the wrong level of detail Driven by Innovation Knowledge or practices that have emerged and have yet to be formally captured

66. So Where Does All This Agile Systems Engineering Get Us ?

70. Re-evaluating MBSE in the context of agile and digital twins to support complex business ecosystems from strategy to implementation. Tackling the problem of quality at speed, agile at scale with the correct application of relevant guidelines and standards to form a solid foundation to build on. ©2019 CISQ 71

71. Drive for Velocity Everyone wants faster time to market, but few want to hear about the risks

72. Complex Toolchains •Production metrics, objects and feedback •Requirements •Business metrics •Update release metrics •Release plan, timing and business case •Security policy and requirement •Design of the software and configuration •Coding including code quality and performance •Software build and build performance •Release candidate •Acceptance testing •Regression testing •Security and vulnerability analysis •Performance •Configuration testing •Approval/preapprovals •Package configuration •Triggered releases •Release staging and holding •Infrastructure storage, database and network provisioning and configuring •Application provision and configuration. •Performance of IT infrastructure •End-user response and experience •Production metrics and statistics •Application monitoring

73. Increasing Technical Debt Software Quality Iceberg (Code Complete, Steve McConnell) Code complexity Maintainability Internal Coupling Functional Size Redundant code Testability External Coupling Operating Cost Maintenance Cost Reliability Performance Business Value

74. Greater Reliance on Suppliers Hope is not a strategy Quality Productivity Security Cost

75. The Nine-Digit Glitch Board of Directors CEO, COO, CFO Business VPs Corporate Auditors CIO Now affect Accountable for Governance Risk management Business Continuity Brand protection Customer experience Nine Digit Defects Cyber incidents see a 1087% increase year on year (RSM research).

76. Lets Learn From The Past As industry's mature they automate, from robots to fly-by-wire

77. Standards

78. Question – What's your favourite standard ?

79. We built this city, we built this city on rock an' roll We Need Standards We Can Implement

80. We Need Standards We Can Implement We built this city, we built this city on rock an' roll

81. ISO 25010 Software Quality Model • Functionality - "A set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs." • Reliability - "A set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time.” • Usability - "A set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users." • Efficiency - "A set of attributes that bear on the relationship between the level of performance of the software and the amount of resources used, under stated conditions.” • Maintainability - "A set of attributes that bear on the effort needed to make specified modifications." • Portability - "A set of attributes that bear on the ability of software to be transferred from one environment to another."

82. ISO 25010 In Structural Code Analysis • OWASP Top 10 Vulnerabilities—most critical web application security risks – CWEs & CVEs • OWASP Application Security Verification Std v4.0 – 14 categories guide automated unit & integration tests – most all verification checks have corresponding CWEs • SANS/CWE Top 25 — most commonly encountered cyber weakness enumerators (CWEs), • CISQ Object Management Group (OMG) Automated Source Code Measures for technical debt & structural quality (Security, Reliability, Performance Efficiency & Maintainability) – all based on CWEs

83. CISQ Structural Quality Measures Example architectural and coding weaknesses included in the CISQ measures • SQL injection • Cross-site scripting • Buffer overflow • Empty exception block • Unreleased resources • Circular dependency • Expensive loop operation • Un-indexed data access • Unreleased memory • Excessive coupling • Dead code • Hard-coded literals CISQ Structural Quality Measures Security 22 weaknesses (Top 25 CWEs) Reliability 29 weaknesses Performance Efficiency 15 weaknesses Maintainability 20 weaknesses An international team of experts selected the weaknesses to include in CISQ measures based on the severity of their impact on operational problems or cost of ownership. Only weaknesses considered severe enough that they must be remediated were included in the CISQ measures. CISQ Structural Quality measures are currently being extended to embedded systems software.

84. CISQ/OMG Standards Process CISQ Executive Forums Automated Function Points Reliability Performance Efficiency Security Maintainability OMG Approved Standards ISO Fasttrack Deployment Workshops OMG

85. Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.” Working With Suppliers

86. Standards Are Only Effective If Implemented We have to deal with the risk link - people.

87. Focus on Culture and Behavior • Don’t expect everyone to like automation, some people just like doing it the hard way • Incentivize the behavior you want for the individual and team. • Have agreed metrics and KPI linked to automation. • Show results

88. Develop The Correct Skills Process Design Scripting Toolchain Integration Standards Definition

89. Obtain Commitment From The Team Product Backlog Risk Backlog [Requirements, Policy's, Definition of Done] Compliance Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations

90. Certify The Environment, Don’t Assume Product Backlog Risk Backlog [Requirements, Policy's, Definition of Done] Complianc e Officer Team Product Owner Product Manager GRC Stores/Themes Compliance Strategy [Working software, documentation] Risk Log / Board Escalations GRC Questions Information “Radiator” Standards, Good Practice, Regulations Automated Environment Certified Tool Team Align

91. Have a virtual quality and security assistant ? ! ? Chatbot integrated into the toolchain

92. Gamify - Link Automation to Autonomy Autonomy Time of Deployments Intra-day allowed After hours and on weekends Frequency of Deployments No limits on changes per today Few changes per week Change Advisory Board CAB for information purposes only CAB for all changes Freeze Periods Only exceptional change freeze periods apply All freeze periods apply Continuous Integration Environments Quality Assurance Incident Management Release Management Coding Practices Team A Level of Automation Team B

93. Stay in Control of Quality With Agile Governance • Communities of Practice • Toolchain Consistency • Tools Register • Automation Best Practice

94. Link Automation to KPI, and Set Targets • Feature throughput • Lead-time/Cycle-time • IT Downtime • Business Downtime • Percentage of task automated • Refactoring rate and cost

95. Focus on Outcomes Business Outcomes Higher Productivity Grater Agility Improves Quality Reduces Risk

Augmented Agile: Agile Behavior Meets Digital Engineering

Consortium for Information & Software Quality (CISQ)

Augmented Agile: Agile Behavior Meets Digital Engineering