2. 2
Create a Pull Request
Reject a defect
Estimate a story
Agree on a technical solution
Grab a coffee
Check KPI and Dashboard
Set feature priority
Do a code change
Renew a certificate
3. 3
Create a Pull Request
Reject a defect
Estimate a story
Agree on a technical solution
Grab a coffee
Check KPI and Dashboard
Set feature priority
Do a code change
Renew a certificate
You decide to
Based on
• Goals
• Context
• Culture
11. 11
Each Organisation is Different
Temporary promotional game
Not critical to business
Only bugfixes
Many internet users
Solution for 10-15 years
Critical to business
Constant development
Few internal users
Maintainability Important Not important
Data Governance Important Not important
Availability Important Not important
UX Not important Important
…
iPhone Game shop
Large business solution
Technology Centralize Decentralize
Operations Decentralize Decentralize
Styleguide Decentralize Centralize
…
12. 12
Cost/Benefits
Economies-of-scale Wasteful
Easy to control Hard to control
Deep Knowledge Broad Knowledge
Single point of failure Resilient
Slow change Adaptable
Homogenous Heterogenous
Interoperability Incompatibility
One solution Reinvention
13. 13
Centralize strategic decision
• Infrequent
• Long-lasting
• Economies of scale
Decentralize everything else
• Frequent
• Time-critical
• Require local information
SAFe Principle #9
https://www.scaledagileframework.com/decentralize-decision-making/
17. 17
Example: CLEW
Obey Opt-Out Opt-In You Choose
EAIO
Digital Services
Esta Pipeline
Pom.xml
Spring Ecosystem
CLEW SSP
(for some actions)
Spring Layering
18. 18
Your culture (values, roles, processes, technologies)
=
How you scale decision-making
Each Organisation is Different
19. 19
Methods
Level of automation
Tooling Guardrails
Degree of
freedom Obey Opt-Out Opt-In Freedom
Awareness
Prozess and rituals
Not needed
Tooling Support
20. 20
Process and Rituals
Method Example My experience
Rules TRS Coding Conventions Keep to minimum
Boards Architecture boards Dilutes responsability
Workflow EtP, Polarion Works only if infrequent
/ approval fatigue
Rituals Scrum, SAFe
Failure Friday
Meaning gets lost over time
Checklist DoR, DoD Narrow thinking
!
!
!
x
✓
21. 21
Awareness
Method Example My experience
Training, Presentation Bahnpro Academy Great for onboarding
Role Model / Mentoring Security Champion Great to learn
Celebrate sucess Team event Gives recognition
Reward and Incentive Bug Bounty Program Risk: Game the system
Gamify Secure Code Warrior
Capture the Flag
Reputation Stackoverflow
Risk: Game the system
Peer pressure Pair programming in a healthy balance
✓
✓
✓
✓
!
!
22. 22
Tooling Railguards
Method Example My experience
Delivery Pipeline Automation Sonar
Architecture Checks
Unit Tests
«Shift Left»
Workflow tools JIRA, Polarion The tool won’t solve
your process issue
✓
!
23. 23
Tooling Support
Method Example My experience
Templates Esta Pipeline
Feature template
PI-Planning Structure
«Make simple things
easy, make complex
things possible»
Examples Techstack patterns Pay attention to
maintain the examples
up-to-date
Enabler Tools Eclipse all in one
Self-service portals
Pay attention to not
create single-point-of-
failures
✓
✓
✓
25. 25
1. How often are you blocked?
2. Are the constraints still justified?
Inspect
26. 26
1. Process
– More emphasis on NFR testing rather than change
approval
2. Framework
– Less common framework, more «code duplication»
3. Coding Style
– Strong rules for operations, less on maintenability
Adapt – selected examples from RCS
27. 27
It takes many generations
of software releases to
change your cultural DNA.
