The document describes the Kanban Pizza Game, which is used to teach the concepts of Kanban. The game has participants work together to produce pizzas, with the goal of maximizing their score. Over multiple rounds, the game introduces concepts like limiting work-in-progress, visualizing the workflow, and measuring lead times. Playing the game helps participants experience how Kanban practices like pull-based workflows and limiting bottlenecks can improve productivity and collaboration.
Kanban is a lean method for managing workflow. This document describes using a pizza game to teach Kanban principles. Players take on roles in a pizza business workflow to produce pizzas. The objectives are to make as many pizzas as possible within a day while avoiding wasted materials. Players learn to visualize their workflow, limit work in progress, and improve collaboratively based on metrics for finished and in-progress pizzas. Additional rounds introduce concepts like new pizza types and centralized orders to manage flow through the system.
The document describes a Kanban pizza game exercise used to teach Kanban principles. Participants make pretend pizzas on an assembly line with steps and limits on work in progress to experience managing flow and throughput. The game introduces key Kanban concepts like visualizing workflow, limiting work in progress, and using a point system to measure and optimize flow. Additional scenarios are added over multiple rounds to illustrate adapting the workflow to new conditions.
This is my presentation from the Turku Agile Days 2013 #tad013 on 2013-05-14.
Created by my colleague Ralf Kruse, the agile42 Kanban Pizza Game is an excellent way of trying out how to create a kanban board from scratch and optimizing it, in a failsafe and accommodating environment. In fact, every new Kanban team needs to create their board from scratch, and as far as we know (and we know a few things) this is the only Kanban game that doesn't give you a ready made process.
If you want to run this game in your own team, be sure to check out the rules and the tips-n-tricks at http://www.agile42.com/en/training/kanban-pizza-game/.
Kanban pizza game (26.10.2016, Kiev, DataHub)vardziya
В среду 26.10.16 в коворкинге DataHub на м.Шулявка мы провели очередную игру из нашей серии “Agile Games”.
На этот раз это была игра “Kanban pizza game”. Эта игра разработка компании Agile42 (http://www.agile42.com/en/training/kanban-pizza-game/).
В то время, как другие Kanban игры обычно фокусируются на механике доски и на потоке предопределенной заранее Kanban системы, эта игра "Kanban Pizza Game" учит Вас как построить Kanban систему на существующем процессе, как его визуализировать и начать улучшать.
Игра оказалась очень веселой и динамичной.
Ну и, конечно, очень полезной.
На примере пиццы мы почувствовали Kanban на практике и научились:
• Получили опыт построения Kanban системы на уже существующем процессе, точно так же как в реальной жизни
• Получили опыт полной Kanban системы в противовес фокусирования только на Kanban доске и сопутствующих механизмах
• Поняли, что Kanban доски являются контекстно-зависимыми: для каждого конкретного процесса может быть много вариантов Kanban досок, которые будут полезными и адекватными, и необязательно должна существовать идеальная Kanban доска
• Научились бороться с потерями с помощью ограничения Незавершенной Работы (НЗР, Work In Progress Limit)
• ну и, конечно, визуализировать все на Kanban Доске.
Кроме того мы получили хороший опыт быстрой самоорганизации и адаптации.
Да и просто весело и с пользой провели время!
This document outlines the instructions for a game where participants work together to rapidly make pizza slices. The game is designed to teach Kanban principles like limiting work in progress and pulling work only when capacity allows. Players are given supplies to represent pizza ingredients and an oven. They collaborate over multiple timed rounds to make as many pizza slices as possible before the timer ends. After each round, teams evaluate what went well and areas for improvement. The goal is for participants to learn how Kanban practices like restricting WIP can improve throughput.
The document describes a Kanban pizza game simulation used to help participants experience Kanban concepts in an engaging way. In the game, participants work together in a simulated pizza shop to make and deliver pizzas, earning and losing points along the way. The game is divided into rounds where different Kanban concepts like work in progress limits and visualizing workflow are introduced. Participants are given feedback on their score after each round and discuss lessons to improve their process. The overall goal is for participants to iteratively apply Kanban principles to maximize their score by optimizing their collaborative pizza production and delivery workflow.
Kanban is a lean method for managing workflow. This document describes using a pizza game to teach Kanban principles. Players take on roles in a pizza business workflow to produce pizzas. The objectives are to make as many pizzas as possible within a day while avoiding wasted materials. Players learn to visualize their workflow, limit work in progress, and improve collaboratively based on metrics for finished and in-progress pizzas. Additional rounds introduce concepts like new pizza types and centralized orders to manage flow through the system.
The document describes a Kanban pizza game exercise used to teach Kanban principles. Participants make pretend pizzas on an assembly line with steps and limits on work in progress to experience managing flow and throughput. The game introduces key Kanban concepts like visualizing workflow, limiting work in progress, and using a point system to measure and optimize flow. Additional scenarios are added over multiple rounds to illustrate adapting the workflow to new conditions.
This is my presentation from the Turku Agile Days 2013 #tad013 on 2013-05-14.
Created by my colleague Ralf Kruse, the agile42 Kanban Pizza Game is an excellent way of trying out how to create a kanban board from scratch and optimizing it, in a failsafe and accommodating environment. In fact, every new Kanban team needs to create their board from scratch, and as far as we know (and we know a few things) this is the only Kanban game that doesn't give you a ready made process.
If you want to run this game in your own team, be sure to check out the rules and the tips-n-tricks at http://www.agile42.com/en/training/kanban-pizza-game/.
Kanban pizza game (26.10.2016, Kiev, DataHub)vardziya
В среду 26.10.16 в коворкинге DataHub на м.Шулявка мы провели очередную игру из нашей серии “Agile Games”.
На этот раз это была игра “Kanban pizza game”. Эта игра разработка компании Agile42 (http://www.agile42.com/en/training/kanban-pizza-game/).
В то время, как другие Kanban игры обычно фокусируются на механике доски и на потоке предопределенной заранее Kanban системы, эта игра "Kanban Pizza Game" учит Вас как построить Kanban систему на существующем процессе, как его визуализировать и начать улучшать.
Игра оказалась очень веселой и динамичной.
Ну и, конечно, очень полезной.
На примере пиццы мы почувствовали Kanban на практике и научились:
• Получили опыт построения Kanban системы на уже существующем процессе, точно так же как в реальной жизни
• Получили опыт полной Kanban системы в противовес фокусирования только на Kanban доске и сопутствующих механизмах
• Поняли, что Kanban доски являются контекстно-зависимыми: для каждого конкретного процесса может быть много вариантов Kanban досок, которые будут полезными и адекватными, и необязательно должна существовать идеальная Kanban доска
• Научились бороться с потерями с помощью ограничения Незавершенной Работы (НЗР, Work In Progress Limit)
• ну и, конечно, визуализировать все на Kanban Доске.
Кроме того мы получили хороший опыт быстрой самоорганизации и адаптации.
Да и просто весело и с пользой провели время!
This document outlines the instructions for a game where participants work together to rapidly make pizza slices. The game is designed to teach Kanban principles like limiting work in progress and pulling work only when capacity allows. Players are given supplies to represent pizza ingredients and an oven. They collaborate over multiple timed rounds to make as many pizza slices as possible before the timer ends. After each round, teams evaluate what went well and areas for improvement. The goal is for participants to learn how Kanban practices like restricting WIP can improve throughput.
The document describes a Kanban pizza game simulation used to help participants experience Kanban concepts in an engaging way. In the game, participants work together in a simulated pizza shop to make and deliver pizzas, earning and losing points along the way. The game is divided into rounds where different Kanban concepts like work in progress limits and visualizing workflow are introduced. Participants are given feedback on their score after each round and discuss lessons to improve their process. The overall goal is for participants to iteratively apply Kanban principles to maximize their score by optimizing their collaborative pizza production and delivery workflow.
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
1) Web application security is often approached incorrectly, focusing too much on annual penetration tests and compliance, rather than ongoing monitoring and prevention through the development process.
2) Many vulnerabilities are introduced through third party libraries and dependencies, which are not properly tested or managed. Continuous testing across the full software supply chain is needed.
3) Not all vulnerabilities are equal - context is important. A risk-based approach should prioritize the most critical issues based on factors like impact, likelihood, and the development environment. Compliance alone does not ensure real security.
This document summarizes a presentation about the mobile security Linux distribution Santoku Linux. It discusses how Santoku Linux was created by modifying Lubuntu to include mobile forensic and security tools from the company viaForensics. Some key tools discussed include AFLogical OSE for Android logical acquisitions, iPhone Backup Analyzer, and utilities for analyzing mobile malware samples. Real-world examples of analyzing the Any.DO task manager app and Korean banking malware are also provided.
This document discusses sandboxing untrusted JavaScript from third parties to improve security. It proposes a two-tier sandbox architecture that uses JavaScript libraries and wrappers, without requiring browser modifications. Untrusted code is executed in an isolated environment defined by policy code, and can only access approved APIs. This approach aims to mediate access between code and the browser securely and efficiently while maintaining compatibility with existing third-party scripts.
This document discusses how HTML5 features can be used for authentication purposes and addresses some security challenges. It describes APIs like local storage, canvas, geolocation, and notifications that could be leveraged for authentication factors like passwords, patterns, and one-time passwords. However, it also notes risks like storing sensitive data on devices, spoofing locations, and notifications not being reliable. The document advocates using HTML5 responsibly and understanding privacy and user behavior when designing authentication solutions.
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
The document discusses code review techniques for advanced mobile applications. It begins with an overview of why mobile security is important given the rise in mobile usage. It then discusses different mobile application types and architectures that can be code reviewed, including native, hybrid, and HTML5 applications. The document outlines the goals of mobile application code reviews, such as understanding the application and finding security vulnerabilities. It provides the methodology for conducting code reviews, which includes gaining access to source code, understanding the technology, threat modeling, analyzing the code, and creating automation scripts. Finally, it discusses specific vulnerabilities that may be found in Windows Phone, hybrid, Android, and iOS applications.
The document discusses research conducted by Gregg Ganley and Gavin Black at MITRE in FY13-14 on iOS mobile application security. It describes their work on a tool called iMAS (iOS Mobile Application Security) which aims to provide additional security controls and containment for native iOS applications. iMAS addresses vulnerabilities related to runtime access, device access, application access, data at rest, and threats from app stores/malware. It utilizes techniques like encrypted code modules, forced inlining, secure MDM and more to raise security levels above standard iOS but below a fully customized/rooted mobile device environment. The document outlines the motivation, capabilities and future research directions for the iMAS project.
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
This document discusses how to defeat cross-site scripting (XSS) and cross-site request forgery (XSRF) when using JavaServer Faces (JSF) frameworks. It covers validating user input, encoding output, and protecting view states to prevent XSS, as well as configuring JSF implementations to protect against XSRF by encrypting view states and adding tokens to URLs. The presentation emphasizes testing validation, encoding, and protection in specific JSF implementations since behaviors can differ.
This document summarizes a presentation on defending against CSRF (cross-site request forgery) attacks. It discusses four main design patterns for CSRF defenses: the synchronizer token pattern, double submit cookies, challenge-response systems, and checking the referrer header. It then provides details on implementing these patterns, specifically looking at libraries and features in .NET, .NET MVC, Anticsrf, CSRFGuard, and HDIV that can help implement CSRF tokens and validation. The document covers the tradeoffs of different approaches and considerations for using them effectively on the code and server level.
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21drewz lin
This document provides an overview of the OWASP Broken Web Applications (OWASP BWA) project. It discusses the background and motivation for the project, describes the current status including what applications are included in the virtual machine, outlines future plans, and solicits feedback to help guide and expand the project. The goal of OWASP BWA is to provide a free, open-source virtual machine containing a variety of intentionally vulnerable web applications to aid in testing tools and techniques for finding and addressing security issues.
This document provides a summary of a presentation by Robert Hansen on the future of browser security. Hansen argues that while browser developers want to improve security and privacy, their companies' business models focused on advertising revenue prohibit them from doing so. He outlines various techniques used by advertisers and browser companies to track users against their preferences. Hansen advocates for technical controls that allow users to opt out of tracking through a "can not track" approach, rather than relying on ineffective "do not track" policies. He concludes by discussing WhiteHat Security's focus on privacy and their plans to add more security and privacy features to their Aviator browser.
Appsec usa2013 js_libinsecurity_stefanodipaoladrewz lin
This document summarizes Stefano di Paola's talk on security issues with JavaScript libraries. It discusses how jQuery's $() method can be considered a "sink" that executes HTML passed to it, including examples of XSS via jQuery selectors and AJAX calls. It also covers problems with JSON parsing regular expressions, AngularJS expression injection, and credentials exposed in URLs. Solutions proposed include validating all input, auditing third-party libraries, and moving away from approaches like eval() that execute untrusted code.
Appsec2013 presentation-dickson final-with_all_final_editsdrewz lin
(1) A study surveyed 600 software developers and found that most did not have a basic understanding of software security concepts, with 73% failing an initial survey and the average score being 59% before training. (2) However, after training, developers' understanding of key concepts increased, with some areas like cross-site scripting seeing a 20 percentage point gain. (3) The study concluded that targeted security training can improve developers' knowledge in the short-term, though retention of this knowledge may require refresher training over time.
This document summarizes Bruno Gonçalves de Oliveira's talk on hacking web file servers for iOS. It introduces Bruno and his background in offensive security and discusses how iOS devices store a lot of information and mobile applications are often poorly designed and vulnerable. It provides examples of vulnerable file storage apps, outlines features and vulnerabilities like lack of encryption, authentication, XSS issues, and path traversal flaws. The document demonstrates exploits like unauthorized access to file systems on jailbroken devices and how to find vulnerable systems through mDNS queries. It concludes that mobile apps are the future but designers still do not prioritize security and there are too many apps for users to vet carefully.
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
This document discusses forensic investigations of web exploitations. It presents a scenario where a web server in a DMZ zone was exploited but logs are unavailable, so network traffic must be analyzed. Wireshark will be used to analyze a PCAP file of recorded traffic to determine what happened and find any traces of commands or malware. The document also provides information on the costs of different types of cyber attacks, how to decode HTTP requests, and discusses tools that can be used for network forensics investigations like Wireshark, tcpdump, and Xplico.
Appsec2013 assurance tagging-robert martindrewz lin
The document discusses engineering software systems to be more secure against attacks. It notes that reducing a system's attack surface alone is not enough, as software and networks are too complex and it is impossible to know all vulnerabilities. It then discusses characteristics of advanced persistent threats, including that the initial attack may go unnoticed and adversaries cannot be fully kept out. Finally, it argues that taking a threat-driven perspective beyond just operational defense can help balance mitigation with detection and response.
The document summarizes a presentation on vulnerabilities found in SCADA systems between 2009-2013. It analyzed vulnerabilities by component, with the majority (66%) found in communication components like Modbus and DNP3 protocols. Examples of vulnerabilities are described for several devices. Real-world issues with SCADA systems are discussed like lack of authentication and patching. Recommendations are provided like auditing SCADA networks, implementing secure protocols and password policies, and keeping systems updated.
This 3-page document discusses the real-world challenges of implementing an agile software development lifecycle (SDLC) approach from the perspectives of Chris Eng and Ryan O'Boyle. It was presented at the OWASP AppSec USA conference on November 20, 2013 and focuses on practical lessons learned and best practices for incorporating security throughout an agile SDLC.
This document outlines a presentation given by Simón Roses Femerling on software security verification tools. It discusses BinSecSweeper, an open source tool created by VulnEx to scan binaries and check that security best practices were followed in development. The presentation covers using BinSecSweeper to verify in-house software, assess a company's software security posture, and compare the security of popular browsers. Examples of plugin checks and reports generated by BinSecSweeper are also provided.
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
1) Web application security is often approached incorrectly, focusing too much on annual penetration tests and compliance, rather than ongoing monitoring and prevention through the development process.
2) Many vulnerabilities are introduced through third party libraries and dependencies, which are not properly tested or managed. Continuous testing across the full software supply chain is needed.
3) Not all vulnerabilities are equal - context is important. A risk-based approach should prioritize the most critical issues based on factors like impact, likelihood, and the development environment. Compliance alone does not ensure real security.
This document summarizes a presentation about the mobile security Linux distribution Santoku Linux. It discusses how Santoku Linux was created by modifying Lubuntu to include mobile forensic and security tools from the company viaForensics. Some key tools discussed include AFLogical OSE for Android logical acquisitions, iPhone Backup Analyzer, and utilities for analyzing mobile malware samples. Real-world examples of analyzing the Any.DO task manager app and Korean banking malware are also provided.
This document discusses sandboxing untrusted JavaScript from third parties to improve security. It proposes a two-tier sandbox architecture that uses JavaScript libraries and wrappers, without requiring browser modifications. Untrusted code is executed in an isolated environment defined by policy code, and can only access approved APIs. This approach aims to mediate access between code and the browser securely and efficiently while maintaining compatibility with existing third-party scripts.
This document discusses how HTML5 features can be used for authentication purposes and addresses some security challenges. It describes APIs like local storage, canvas, geolocation, and notifications that could be leveraged for authentication factors like passwords, patterns, and one-time passwords. However, it also notes risks like storing sensitive data on devices, spoofing locations, and notifications not being reliable. The document advocates using HTML5 responsibly and understanding privacy and user behavior when designing authentication solutions.
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
The document discusses code review techniques for advanced mobile applications. It begins with an overview of why mobile security is important given the rise in mobile usage. It then discusses different mobile application types and architectures that can be code reviewed, including native, hybrid, and HTML5 applications. The document outlines the goals of mobile application code reviews, such as understanding the application and finding security vulnerabilities. It provides the methodology for conducting code reviews, which includes gaining access to source code, understanding the technology, threat modeling, analyzing the code, and creating automation scripts. Finally, it discusses specific vulnerabilities that may be found in Windows Phone, hybrid, Android, and iOS applications.
The document discusses research conducted by Gregg Ganley and Gavin Black at MITRE in FY13-14 on iOS mobile application security. It describes their work on a tool called iMAS (iOS Mobile Application Security) which aims to provide additional security controls and containment for native iOS applications. iMAS addresses vulnerabilities related to runtime access, device access, application access, data at rest, and threats from app stores/malware. It utilizes techniques like encrypted code modules, forced inlining, secure MDM and more to raise security levels above standard iOS but below a fully customized/rooted mobile device environment. The document outlines the motivation, capabilities and future research directions for the iMAS project.
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
This document discusses how to defeat cross-site scripting (XSS) and cross-site request forgery (XSRF) when using JavaServer Faces (JSF) frameworks. It covers validating user input, encoding output, and protecting view states to prevent XSS, as well as configuring JSF implementations to protect against XSRF by encrypting view states and adding tokens to URLs. The presentation emphasizes testing validation, encoding, and protection in specific JSF implementations since behaviors can differ.
This document summarizes a presentation on defending against CSRF (cross-site request forgery) attacks. It discusses four main design patterns for CSRF defenses: the synchronizer token pattern, double submit cookies, challenge-response systems, and checking the referrer header. It then provides details on implementing these patterns, specifically looking at libraries and features in .NET, .NET MVC, Anticsrf, CSRFGuard, and HDIV that can help implement CSRF tokens and validation. The document covers the tradeoffs of different approaches and considerations for using them effectively on the code and server level.
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21drewz lin
This document provides an overview of the OWASP Broken Web Applications (OWASP BWA) project. It discusses the background and motivation for the project, describes the current status including what applications are included in the virtual machine, outlines future plans, and solicits feedback to help guide and expand the project. The goal of OWASP BWA is to provide a free, open-source virtual machine containing a variety of intentionally vulnerable web applications to aid in testing tools and techniques for finding and addressing security issues.
This document provides a summary of a presentation by Robert Hansen on the future of browser security. Hansen argues that while browser developers want to improve security and privacy, their companies' business models focused on advertising revenue prohibit them from doing so. He outlines various techniques used by advertisers and browser companies to track users against their preferences. Hansen advocates for technical controls that allow users to opt out of tracking through a "can not track" approach, rather than relying on ineffective "do not track" policies. He concludes by discussing WhiteHat Security's focus on privacy and their plans to add more security and privacy features to their Aviator browser.
Appsec usa2013 js_libinsecurity_stefanodipaoladrewz lin
This document summarizes Stefano di Paola's talk on security issues with JavaScript libraries. It discusses how jQuery's $() method can be considered a "sink" that executes HTML passed to it, including examples of XSS via jQuery selectors and AJAX calls. It also covers problems with JSON parsing regular expressions, AngularJS expression injection, and credentials exposed in URLs. Solutions proposed include validating all input, auditing third-party libraries, and moving away from approaches like eval() that execute untrusted code.
Appsec2013 presentation-dickson final-with_all_final_editsdrewz lin
(1) A study surveyed 600 software developers and found that most did not have a basic understanding of software security concepts, with 73% failing an initial survey and the average score being 59% before training. (2) However, after training, developers' understanding of key concepts increased, with some areas like cross-site scripting seeing a 20 percentage point gain. (3) The study concluded that targeted security training can improve developers' knowledge in the short-term, though retention of this knowledge may require refresher training over time.
This document summarizes Bruno Gonçalves de Oliveira's talk on hacking web file servers for iOS. It introduces Bruno and his background in offensive security and discusses how iOS devices store a lot of information and mobile applications are often poorly designed and vulnerable. It provides examples of vulnerable file storage apps, outlines features and vulnerabilities like lack of encryption, authentication, XSS issues, and path traversal flaws. The document demonstrates exploits like unauthorized access to file systems on jailbroken devices and how to find vulnerable systems through mDNS queries. It concludes that mobile apps are the future but designers still do not prioritize security and there are too many apps for users to vet carefully.
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
This document discusses forensic investigations of web exploitations. It presents a scenario where a web server in a DMZ zone was exploited but logs are unavailable, so network traffic must be analyzed. Wireshark will be used to analyze a PCAP file of recorded traffic to determine what happened and find any traces of commands or malware. The document also provides information on the costs of different types of cyber attacks, how to decode HTTP requests, and discusses tools that can be used for network forensics investigations like Wireshark, tcpdump, and Xplico.
Appsec2013 assurance tagging-robert martindrewz lin
The document discusses engineering software systems to be more secure against attacks. It notes that reducing a system's attack surface alone is not enough, as software and networks are too complex and it is impossible to know all vulnerabilities. It then discusses characteristics of advanced persistent threats, including that the initial attack may go unnoticed and adversaries cannot be fully kept out. Finally, it argues that taking a threat-driven perspective beyond just operational defense can help balance mitigation with detection and response.
The document summarizes a presentation on vulnerabilities found in SCADA systems between 2009-2013. It analyzed vulnerabilities by component, with the majority (66%) found in communication components like Modbus and DNP3 protocols. Examples of vulnerabilities are described for several devices. Real-world issues with SCADA systems are discussed like lack of authentication and patching. Recommendations are provided like auditing SCADA networks, implementing secure protocols and password policies, and keeping systems updated.
This 3-page document discusses the real-world challenges of implementing an agile software development lifecycle (SDLC) approach from the perspectives of Chris Eng and Ryan O'Boyle. It was presented at the OWASP AppSec USA conference on November 20, 2013 and focuses on practical lessons learned and best practices for incorporating security throughout an agile SDLC.
This document outlines a presentation given by Simón Roses Femerling on software security verification tools. It discusses BinSecSweeper, an open source tool created by VulnEx to scan binaries and check that security best practices were followed in development. The presentation covers using BinSecSweeper to verify in-house software, assess a company's software security posture, and compare the security of popular browsers. Examples of plugin checks and reports generated by BinSecSweeper are also provided.
1. www.agile42.com
Kanban Pizza Game—About Kanban
Kanban Pizza Game by agile42 is licensed under
Creative Commons Attribution-Share Alike 3.0 Germany License.
What is Kanban?
Kanban is a tool that allows optimization of a process by visualizing it. There
are three main prescriptions:
1 Visualize the workflow
2 Limit WIP
3 Measure and optimize the average lead time
Visualize the workflow
With the physical production of the Pizza the workflow is always pretty present,
and with the drawing of the workflow we can reflect the current process.
Limit WIP
Through the game some kind of bottlenecks and queues will pile up. During the
game we introduce work in progress limits to make sure that we produce the
right things and to avoid that we loose points for unused materials. The
participants experience that WIP-Limits are more than just intentional
limitations. —They change behavior. People interact more on the overall
production, communicate more and help each other when needed.
Measure and optimize the average lead time
In the game we do not measure the lead time, because it would make the game
more complicated. Instead we built in a point system that triggers the same
behavior of optimizing the flow.
In the real world we haven't such a point system. Here we use the average lead
time as measurement and optimize accordingly.
Some Benefits of Kanban
- Bottlenecks become clearly visible, leading to increased collaboration
- Evolutionary path to agile software development
- Provides a way to be agile without iterations, starting where you are
- Natural tendency to spread throughout an organization
2. www.agile42.com
Kanban Pizza Game Rules
Kanban Pizza Game by agile42 is licensed under
Creative Commons Attribution-Share Alike 3.0 Germany License.
Recipes
Pizza Hawaii Pizza Speciale
• Pizza Base (cut paper, buckled edge) • Pizza Base (cut paper, buckled edge)
• Tomato Purée (painted red) • Tomato Purée (painted red)
• 3 pieces of ham (cut pink post-it-snippets) • 7 pieces of rucula (thin green post-it
• 3 pieces of pineapple (cut yellow post-it- snippets)
snippets) • Rucula burns in the oven!
Points
• Each finished pizza gives 5 points
• Unused pieces: minus points
• Unused pizza base: - 2 points
• burned pizza: no points, all materials count as unused
• (optional: per 3 unused snippets of paper: - 1 point)
• When filling orders, an order gives points when all is done or none when anything is
missing.
Constraints
Oven
- After the oven is closed, no other piece must be put in.
- A pizza has to bake for 30 sec and is burned after 45 sec.
- Pay attention, Rucula is burned in the oven!
Round Length
- Arbitrary, limited amount of time to simulate a random slice of the day.
Playing
You’re opening a new pizza restaurant. We’re your sponsors, we supply you with an oven,
material and tools. We expect you to attract and bind customers with good quality and to earn
money.
3. www.agile42.com
Kanban Pizza Rules—Game Master
Kanban Pizza Game by agile42 is licensed under
Creative Commons Attribution-Share Alike 3.0 Germany License.
Rounds
Ok, here is the deal: You are the sponsor of a Pizza Bakery Shop! Motivate
people to produce the highest value.
Round 1 Let them bake Pizza Hawaii as fast as possible and see what happens.
Tell them that on the first day, all pizza is handed out for free and you expect a
lot of customers. Do not give further instructions for the set up.
Round 2 Introduce orders (and explain the impact on the score), introduce
stations, introduce WIP limits
Round 3 Introduce the „Pizza Speciale“—attention, Ruccola burns in the oven!
Round 4 Let them self-organize
Flow of the Game
- Explain them that you want to run a Pizza Shop. Read Preparations and follow
the instructions
- Ask them how many points they think that they will score, note that number.
- Tell them that the rounds will symbolize slices of the day and will not have a
fixed length
- Do about 6 mins rounds but do not tell them how long it will be
- Count the score after each round
- Do a 2 min retrospective after each round. 1 min to focus on what impeded
them most and another 1 min to discuss how to improve that or get around
it.
Goals of the Game
1. „Feel“ Kanban
2. Understand Pull and why it works in contrast to push (make sure this is
implemented by round 2)
3. How to decrease lead time by limiting WIP
4. How to build a Kanban Board
Preparations
• Get into groups of 5 people (ideally; 4 people also works). Each group at one table.
• Hand out a stack of yellow paper
• Hand out a stack of colored post-its (yellow, green, rose)
• Prepare a red marker and a scissor on every table
• Prepare a stop watch (oven)
• Prepare some tape (oven)
4. www.agile42.com
Preparations
Show them how to prepare a Pizza Hawaii! (But not in steps, just show)
Report
1. „Sold“ pizza slices
2. Inventory
3. Points per round
4. Lead time of the third pizza slice (Optional!)
TimeKeeping
5. www.agile42.com
Kanban Pizza Game - Outlook
Kanban Pizza Game by agile42 is licensed under
Creative Commons Attribution-Share Alike 3.0 Germany License.
Ok, now we experienced Kanban! What is next?
Kanban is a tool that can change your life. But there is more to it than just
setting up a board.
Cad
ts enc Clas
es
ulle ses
of S
rB ervi
Silve ce
ne
ion of Do
Definit
„Kaizen Guide“
Avat Se
rv
ar s Ag ice L
ree e
me vel
nts
Wo
one Agr rking
ion of D
Releas e Definit eem
ents
KANBAN BASE - 3 Prescriptions
Measue Lead
Limit WIP Visualize
Time
Next Steps to Kanban
1. Visualize your Process
2. Limit your Work-In-Progress
3. Measure the Average Lead Time
4. Identify Bottlenecks
5. Improve
You do not need to take that challenge on your own. We offer help - Training
and Coaching by agile42.
info@agile42.com