Updated version of my original Cyphercon talk. With more useful information regarding how to enact change and better visual representation of certain concepts. This talk was given at CircleCityCon 10 in 2023
When Management Asks You: “Do You Accept Agile as Your Lord and Savior?"admford
So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”. While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.
The Agile Learning Organization - Dave Litwiller - Sept 17 2020 - PublicDave Litwiller
Adapting Organizational Capabilities in Scale-up Technology Businesses to Thrive in the Strategic Environment using the Principles of TQM
- Enhance organizational learning capacity and agility
- Build connective capacity across functions and time horizons, to counter tendencies toward silos
- Develop leadership bandwidth at all levels to expand institutional capability for productive change
Getting Agile Right - Rebooting an Agile Organization in 100 days - Agile Tou...Maurizio Mancini
Presentation by Senior Consultant Maurizio Mancini of Exempio.com about an Agile Reboot of one Agile organization that was accomplished in just 100 business days!
When Management Asks You: “Do You Accept Agile as Your Lord and Savior?"admford
So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”. While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.
The Agile Learning Organization - Dave Litwiller - Sept 17 2020 - PublicDave Litwiller
Adapting Organizational Capabilities in Scale-up Technology Businesses to Thrive in the Strategic Environment using the Principles of TQM
- Enhance organizational learning capacity and agility
- Build connective capacity across functions and time horizons, to counter tendencies toward silos
- Develop leadership bandwidth at all levels to expand institutional capability for productive change
Getting Agile Right - Rebooting an Agile Organization in 100 days - Agile Tou...Maurizio Mancini
Presentation by Senior Consultant Maurizio Mancini of Exempio.com about an Agile Reboot of one Agile organization that was accomplished in just 100 business days!
NetCom Learning : How to Improve Business Processes using AgileSwati Chhabra
Organizations intend to improve their business processes quickly and cost-effectively in today’s dynamic world. Agile Business Process Management (BPM) contributes to transform the business landscape in several aspects and organizations are also embracing it.
Agile vision in IT and Software devlopmentJitander Kapil
This is Agile vision sharing presentation prepared by me some time ago, To share my viwes in terms of entry-level people having thoughts, agile misconceptions, and transformation challenges.
Any suggestions feedback well appreciated.
Thanks
jitander kapil
Detail Information about Agile Process Frameworks such as SCRUM and CMMI along with agile manifesto. Comparison between scrum and capability maturity model integration
Agile Software Development Workshop at Sote HubSote ICT
Presentation on agile project management by Maros Korinek, developer at Funding Circle, from his 4-day training in December 2016 at Sote Hub in Voi, Kenya.
This presentation provides a quick guide to getting started with the Scrum framework. It's based on the 2020 Scrum Guide (https://scrumguides.org/scrum-guide.html). It can be used to introduce Scrum to new teams as well as experienced practitioners that need to refresh their understanding of the framework as part of the continuous improvement process. It also provides additional resources and references.
This presentation describes the basics of Agile methodologies and how it is differed from Waterfall. Then continues with the most famous Agile approach: Scrum
We are driven by helping teams and
individuals be the best they can be. We do
this through introducing and living agile,
people focused practices.
Agile
By: Zaheer Tariq
Agenda
AGILE INTRO 01 Waterfall Basics
LEARNING
OBJECTIVES Agile Overview
02
Agile Manifesto & Values
• Pre-agile waterfall methodology basics Agile Principles
• What agile is and is not
• Benefits of employing agile practices
Common Misconceptions
• Misconceptions about Agile
• Some Common Agile Methodologies
03 Common Agile Methodologies
Waterfall
A traditional approach to project management.
Project Management
Project Project
Project Project Team
Management Manager
Planned program Processes used Individual who Individuals that
of work that to complete a plans and do the work to
requires a project. directs the work deliver on
definitive amount required to project
of time, effort and complete a deliverables.
planning to project.
complete.
History of Waterfall Project Management
Photo Courtesy of thwapschoolyard.com
Photo Courtesy of flintgm100.com
Project management processes were Waterfall process developed from highly
developed based on step-by-step structured physical environments where after-
manufacturing models the United States the-fact changes are prohibitively costly, if not
military used during World War II. impossible.
In the waterfall method to managing
Requirements
projects, you complete work in stages. You
do not move to another stage until you
have completed the work in the previous
Design
stage.
Development
STAGES DEFINED Testing
Deployment
A 1 Day training that shows you all you need to know about Scrum, the afternoon contains a practical part where we perform several sprints using Lego as our means of production
PMI-ACP Domain 1 Agile Principles and MindsetJoshua Render
Free training for the PMI-ACP Certification exam -
Learn and understand some basic agile concepts.
View training video here: https://agile-mercurial.com/video-library/pmi-acp-domain-1-agile-principles-and-mindset-training-video/
Blog: https://agile-mercurial.com
YouTube: https://www.youtube.com/channel/UCPM82of2YuqIR1SgLGHa1eg
Twitter: https://twitter.com/agile_mercurial
Tumblr: https://agilemercurial.tumblr.com/
This presentation provides a quick guide to getting started with the Scrum framework. It's based on the 2020 Scrum Guide (https://scrumguides.org/scrum-guide.html). It can be used to introduce Scrum to new teams as well as experienced practitioners that need to refresh their understanding of the framework as part of the continuous improvement process. It also provides additional resources and references. This deck can be used by SMs or Agile Coaches to team Scrum Framework to teams.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
NetCom Learning : How to Improve Business Processes using AgileSwati Chhabra
Organizations intend to improve their business processes quickly and cost-effectively in today’s dynamic world. Agile Business Process Management (BPM) contributes to transform the business landscape in several aspects and organizations are also embracing it.
Agile vision in IT and Software devlopmentJitander Kapil
This is Agile vision sharing presentation prepared by me some time ago, To share my viwes in terms of entry-level people having thoughts, agile misconceptions, and transformation challenges.
Any suggestions feedback well appreciated.
Thanks
jitander kapil
Detail Information about Agile Process Frameworks such as SCRUM and CMMI along with agile manifesto. Comparison between scrum and capability maturity model integration
Agile Software Development Workshop at Sote HubSote ICT
Presentation on agile project management by Maros Korinek, developer at Funding Circle, from his 4-day training in December 2016 at Sote Hub in Voi, Kenya.
This presentation provides a quick guide to getting started with the Scrum framework. It's based on the 2020 Scrum Guide (https://scrumguides.org/scrum-guide.html). It can be used to introduce Scrum to new teams as well as experienced practitioners that need to refresh their understanding of the framework as part of the continuous improvement process. It also provides additional resources and references.
This presentation describes the basics of Agile methodologies and how it is differed from Waterfall. Then continues with the most famous Agile approach: Scrum
We are driven by helping teams and
individuals be the best they can be. We do
this through introducing and living agile,
people focused practices.
Agile
By: Zaheer Tariq
Agenda
AGILE INTRO 01 Waterfall Basics
LEARNING
OBJECTIVES Agile Overview
02
Agile Manifesto & Values
• Pre-agile waterfall methodology basics Agile Principles
• What agile is and is not
• Benefits of employing agile practices
Common Misconceptions
• Misconceptions about Agile
• Some Common Agile Methodologies
03 Common Agile Methodologies
Waterfall
A traditional approach to project management.
Project Management
Project Project
Project Project Team
Management Manager
Planned program Processes used Individual who Individuals that
of work that to complete a plans and do the work to
requires a project. directs the work deliver on
definitive amount required to project
of time, effort and complete a deliverables.
planning to project.
complete.
History of Waterfall Project Management
Photo Courtesy of thwapschoolyard.com
Photo Courtesy of flintgm100.com
Project management processes were Waterfall process developed from highly
developed based on step-by-step structured physical environments where after-
manufacturing models the United States the-fact changes are prohibitively costly, if not
military used during World War II. impossible.
In the waterfall method to managing
Requirements
projects, you complete work in stages. You
do not move to another stage until you
have completed the work in the previous
Design
stage.
Development
STAGES DEFINED Testing
Deployment
A 1 Day training that shows you all you need to know about Scrum, the afternoon contains a practical part where we perform several sprints using Lego as our means of production
PMI-ACP Domain 1 Agile Principles and MindsetJoshua Render
Free training for the PMI-ACP Certification exam -
Learn and understand some basic agile concepts.
View training video here: https://agile-mercurial.com/video-library/pmi-acp-domain-1-agile-principles-and-mindset-training-video/
Blog: https://agile-mercurial.com
YouTube: https://www.youtube.com/channel/UCPM82of2YuqIR1SgLGHa1eg
Twitter: https://twitter.com/agile_mercurial
Tumblr: https://agilemercurial.tumblr.com/
This presentation provides a quick guide to getting started with the Scrum framework. It's based on the 2020 Scrum Guide (https://scrumguides.org/scrum-guide.html). It can be used to introduce Scrum to new teams as well as experienced practitioners that need to refresh their understanding of the framework as part of the continuous improvement process. It also provides additional resources and references. This deck can be used by SMs or Agile Coaches to team Scrum Framework to teams.
Similar to When Management Asks You: “Do You Accept Agile as Your Lord and Savior?” - CircleCityCon 10 - 2023 (20)
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
When Management Asks You: “Do You Accept Agile as Your Lord and Savior?” - CircleCityCon 10 - 2023
1. Dan Lagos “AdmFord" - CircleCityCon 10 - 2023
When Management Asks You:
“Do You Accept Agile as Your
Lord and Savior?”
Agile In Operations, Can It Actually Be Done?
2. What Is Agile In The First Place?
The Basics
• Welcome change, even late in a project
• Iterate work frequently, anything between a month to a week.
• Business people and project engineers work together regularly.
• High trust environment, you accept that your team knows what they're doing
• There is adequate experience in the team, and adequate documentation for training
• The most e
ffi
cient and e
ff
ective method of conveying information to and within a project team is face-to-
face conversation (either in person, or via video/voice chat)
• A sustainable pace is maintained throughout the project.
• Simplicity is key, don't do work that doesn't need to be done to complete the project.
(Think: Minimal Viable Product)
• The best architectures, requirements, and designs emerge from self-organizing teams
• With every iteration, re
fl
ect on how to become more e
ff
ective, tune and adjust behavior accordingly
3. Origins of Agile
From The Factory to the O
ffi
ce Floor
1. Identify the constraints (bottlenecks)
2. Decide how to exploit the constraints
(quick improvements using existing resources)
3. Subordinate
(Review the process to make sure the
constraint is actually needed)
4. Elevate the system’s constraints
(constraint still there, consider further actions
or investments needed to eliminate it)
5. If the constraint breaks (is eliminated), go back
to step 1. But don’t allow inertia to cause a
new constraint
• TOC advocates keeping inventory of
products low.
• You don’t make new inventory when
you can’t sell it
• You keep in-work inventory low by
using small batches
• Time to process an element of inventory is
key to
fi
nding where bottlenecks appear
• Inventory is anything that requires labor to
create, or modify (for us, that’s tickets &
tasks)
Theory of Constraints
Any system is limited from achieving more of its goals by a small number of constraints, and by focusing to
identify and restructure the organization around them, we limit their impact.
4. Origins of Agile
The Toyota Way
• Continuous Improvement
• Long Term vision for a company or a team
• A reasonable, but in reality, potentially unachievable goal
• Example:
“The team will respond to any new IOC/IOA/Vulnerability and implement an alert in
production or remediate it within an hour, while following standard operating procedure"
• Continuous Improvement (kaizen)
• Find the source of a problem to make good decisions
• Respect for people
• Respect others, and take responsibility to do our best to build mutual trust in a team
• Stimulate personal and professional growth, share opportunities of development and maximize
individual and team performance
5. Origins of Agile
The Toyota Way (part 2)
• Right Process
• Create a process that can bring problems to
the surface
• Use a pull system to avoid overproduction
• Level out the workload (don’t overload
workers)
• Build a culture where it’s ok to stop a process
in order to
fi
x it, when problems are identi
fi
ed
• Standardize tasks and processes
• Use visual control so no problems are hidden
(dashboards!)
• Use already tested technology (don’t reinvent
the wheel)
• Add value to the organization
• Grow leaders who understand the work,
live the CI philosophy, teach it to others
• Develop people and teams who follow
the CI philosophy
• Work with partners & suppliers by
challenging and helping them to improve
• Continuously solve core problems drives
organizational learning
• Go see for yourself the situation to
understand it
• Make decisions by consensus,
considering all options, then
implementing the solution quickly
• Become a learning organization through
re
fl
ection and continuous learning
6. It’s Basically Project Management
But Without The Project Managers (To A Point)
• Every plan fails when confronted with the enemy
• The further you plan out work, the more of a chance unexpected work or
circumstances will wreck your schedule
• Waterfall works when plans don’t change
• Increasing
fl
exibility means breaking work up into smaller more manageable
chunks
• Iteration based on the chunk size, work with team leads, management, and
employees to identify issues and solutions quickly.
7. Framework Letter Jumble
SCRUM, KANBAN, SCRUMBAN, etc…
SCRUM SCRUMBAN KANBAN
Team Members
Recommended members
between 3-9
No Speci
fi
c Limitations on the
number of team members
No speci
fi
c limitation on the
number of team members
Team Roles
Members are assigned di
ff
erent
roles & responsibilities
No Roles
Members are generalists or
specialists
Work Cycles
Sprints that can last from 1 to 4
weeks
2-Week Iterations with continuity
(the board is not cleared)
Continuous Work
fl
ow
Rules Follows Strict Rules
Finds the middle grounds between
scrum & kanban with moderate rules
Relaxed and Flexible
Task Assignments Assigned to the team members Members choose their tasks
Members choose their fast-
paced (smaller) tasks
Limits Based on the current sprint
Limits placed on the work-in-
progress
Limits placed on the work-in-
progress
8. Scrum Meetings
The Structured Work Process (That can, or usually be, a PITA)
Frequency Attendees Time Needed Objectives
Sprint Lasts anywhere from 1 to 4 weeks
Sprint Planning First day of sprint
Product Owner, Scrum
Master, Scrum Team
Potentially an hour,
depending on team size
Set a sprint goal
Daily Scrum Daily
Scrum Master & Scrum
Team
No more than 15
minutes
What did you do yesterday?
What are you doing today?
Any Blockers/Issues?
Sprint Review
At the end of a
sprint
Scrum Team, Product
Owner, Scrum Master
2 - 4 hours
Demo of work done
user stories - con
fi
rm and decide on
incomplete ones
Assesement of Backlog
Sprint
Retrospective
Between Review &
Planning meetings
Scrum Team, Scrum
Master, Product Owner
An hour
What was done well
What didn’t go as planned
Improvements for next sprint
Backlog
Re
fi
nement
Every other week
depending on the
duration of the sprint
Scrum Master, Product Owner,
Potentially Scrum Team
No de
fi
ned duration
Prioritize backlog items
Alight backlog to KPIs
Appropriate sizing of backlog items
Add more detail
9. Frameworks and Team Evolution
Using the Stages of Team Development to do Agile
Scrum
A structured work environment provides bene
fi
ts
Scrumban
Easing of structure
Productivity is stabilizing
Kanban
Less structure needed
More autonomous work
Forming Storming Norming Performing
Change in
Composition
• Frameworks, while not necessary to fully implement, can be used to help in team
evolution.
10. Agile Is Not Simply Implementing a Framework
Stay Away From “Cargo Cult Agile”
• An Organization that wants to implement “Agile" can’t just order the use of
Scrum or Kanban across the board.
• Every operations team will have di
ff
erent organizational, and business
requirements
• Frameworks can be implemented partially, or in a hybrid manner (SCRUMBAN)
• Implementation is a two way street
• Organizations must change to give Project Managers / Product Owners /
Team Leads more liberty to initiate & lead changes
• Team members have to speak up when they identify problems or constraints
11. Actually Putting Agile to work, DevOps
The Culmination of Agile in the Development World
• In development, the end state of Agile can be said to be DevOps.
• DevOps has the same principles as Agile, while not necessarily following strict
frameworks.
• It de
fi
nes objectives regarding the types of work and techniques to achieve
them
• It expects good knowledge of what the team members are doing, and
creating/implement tools that they can implement changes frequently.
• We see this in things like the Software Development Lifecycle (SDLC)
12. Types of Work and Priorities
The Four Types of work
Gene Kim in the Phoenix Project and DevOps handbook de
fi
ned the four types of work in a business
• Business Projects (Highest Priority)
• Business Initiatives, most of development and engineering work
• Internal IT Projects (2nd Highest Priority)
• Infrastructure and IT Operations
• Updates and Changes (Normal Priority)
• Often Generated from the two previous types of work
• Unplanned Work or Recovery Work (should be limited as much as possible)
• Incidents and problems generated by other work
13. The Three Ways of DevOps
How CI/CD Works
1. Systems Thinking/Flow of Work
• All work should ideally
fl
ow in one direction, such as across a
KANBAN board (from new, to in progress, in review, to done)
• Any
fl
ow back in the process means that there are unidenti
fi
ed
potential issues or constraints that need to be addressed
2. Amplify Feedback Loops
• Learn from current processes and
fi
nd improvements
• Implement improvements to the processes
3. Experimentation
• Try multiple ways of improving processes and work and test
which work better
• In development, the best example of this is A/B testing
14. DevOps foundations in Security (DevSecOps?)
Enterprise vs MSSP
• Enterprise & Team Projects take priority
• Maintenance and Operations work (tasks
for other teams, installation of software,
etc) fall within the Team Projects priority
• Incidents take engineers away from
improvements and should be limited
• 80% Project & Ops work
20% Incident work
• Automate Incidents and Operations to
meet KPIs and team SLAs
• MSSP Improvements, Maintenance &
Operations work may be handled by a
separate team compared to Security
Monitoring
• Incidents are the main work done
• 80% Incident work
20% identifying improvements
• Based on contracts with other
organizations, apply automation and
process improvements to meet KPIs
and SLAs
15. Starting the Change to Agile
People, Process, Tools
• Change has to come from both the top (Senior Management & Management) and within the teams themselves
• Identify all the processes that your team is involved with.
• Tasks received from other teams.
• Incidents your team have de
fi
ned and how to resolve them.
• Common operations work that is done frequently
• Playbooks are your friend.
• Word, Sharepoint, OneNote or Wiki are
fi
ne.
• Playbooks within your ticketing system (such as the SecOps module in ServiceNow) are preferred and
force analysts to follow the work
fl
ow, ensuring repeatability.
• Creates the foundations for automating the Incident Response process.
• SOAR to accelerate.
• Automation is needed to increase the throughput of a team by freeing up time for other work & tickets
16. Change Mangement
Many Di
ff
erent Models Available
Change
Management
Models
Process
Focused
People
Focused
Kotter’s 8 Step Change Model
Lewin’s Change Model
Deming Cycle | PDCA
McKinsey 7S Model
ADKAR Model of Change
Nudge Theory
Satir Change Model
Bridges’ Transition Model
The Kübler-Ross Change Curve
Maurer 3 Levels of Resistance & Change Model
17. From Process to Pipeline
Identify the Work process, Find Improvements, Rinse and Repeat
Knowing your team’s work processes is foundational. Since it is literally understanding what work is done,
and how it is done.
1. Interactive Playbooks are a
fi
rst step to standardize work
2. Identify dependencies (where other teams are needed) and constraints (certain tasks always falling to a
single team member)
3. Implement improvements
A. Automate parts of the playbooks
B. Request that other teams automate some of their work that’s related to your own team’s
C. O
ffl
oad excessive work from a
ff
ected team members
4. If IR to alerts has been fully automated, create new alerts based on frequency of the automated ones, to
fi
nd discrepancies to normal daily
fl
ow (ML could be bene
fi
cial in this)
5. New services, products and technologies are implemented regularly, so go back to step 1
18. Software Development Life Cycle (SDLC)
The Foundation Behind Modern Development and DevOps
1. Planning
2. Analysis
3. Design
4. Implementation
5. Testing & Integration
6. Maintenance
19. Software Development Lifecycle
Adapting the Dev process into SecOps
1. Planning: Identify IOC/IOA that you want to create an alert for
2. Analysis: Research IOC/IOA (is it even possible in your environment?)
3. Design: Create a query to search for the IOC/IOA in your current systems (have you already seen it?)
4. Implementation: Write the actual alert logic from the initial query, and commit it to the SIEM
5. Testing & Integration: Does the alert
fi
re? Tickets should be assigned to whom created the alert logic.
A. If successful, tune as needed
B. If unsuccessful, verify why it’s not
fi
ring (not present, not logged, or no logs)
C. Assign Purple Team member to write test article on dedicated machine to con
fi
rm alert will actually
fi
re.
6. Maintenance: Run regular “drills”, making sure that all know alerts are able to detonated at will by the team
to make sure everything works correctly (think, "
fi
re drills”)
SIEM
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/devops/automate-sentinel-integration
DOCUMENTATION
20. Ticket Metrics
The Subtle Art of Of Proving a Team’s Work
• Number of tickets closed is a disingenuous metric. It doesn’t takes in consideration the e
ff
ort or the
result (true positive or false positive).
• Automatically assigning tickets to users randomly is good, but you can’t use the count of how
many tickets are closed to measure employee performance.
• Pick and pull at discretion works in not overburdening sta
ff
, but employees with experience can
identify potentially easy tickets and horde them.
• Assigning points value based on priority/criticality can help, but the frequency of the tickets and the
e
ff
ort still isn't considered. Sta
ff
can potentially game the points in their favor by holding harder
tickets.
• Scrum o
ff
ers another tool, “Planning Poker”, assigning a weight for a task based on the amount or
di
ffi
culty of work to complete it.
• Weight is assigned after the tickets are closed (based on closure type, true positive or false
positive)
21. Planning Poker
Stealing From Scrum, to Make Metrics Work
• Planning Poker is usually done during backlog re
fi
nement.
• Values are decided on how much work a task takes, and NEVER how much time it would.
• Humans are more visually oriented, so measuring things by estimating size or quantity can actually be
more accurate.
• Plus, wisdom of the crowds helps as assigning values is a team decision.
• Planning Poker can use a modi
fi
ed
fi
bonacci sequence to estimate work.
0, 1, 2, 3, 5, 8, 13, 20, 40, 100
• In doing so, you do not take in consideration SLAs or KPIs
• Track these separately, as adjacent goals to achieve
• The law of averages in the end comes to our rescue regarding metrics
• Consider refactoring values for incident types regularly (every six months or on frequency of changes to
team composition)
22. x̄ and σ
Average and Standard Deviation in a Normal Distribution
• In a Normal Distribution, the average
(mean), x̄, is at the central point of
the curve
• The standard deviation, σ, measures
how dispersed the data is compared
to the average (mean)
23. Out of Bounds Tickets
When Response Times Exceed Standard Deviation (Both Positive & Negative)
• When they take more time
• Dependencies can be to blame,
team members are waiting for other
teams to complete associated work
• Employee needs additional training
or is a new team member and
needs to improve
• There potentially is a problem with a
tool the team uses
• These can be the
fi
rst targets to
quickly improve SLA results by
automation or process
fi
xes
• When they take less time
• An employee has found a way to
automate their work
• Congratulate them, and see about
standardizing their procedure!
• An Employee has been closing tickets
by only doing the work partially.
• Retraining might be required
• Closer monitoring of employee’s
work
• Termination of employee
24. Track the Averages
Track Team Progress
• The average time it takes for a job with a certain Estimation of E
ff
ort (Planning Poker value),
even when not linked to an KPI or SLA, can provide valuable information on the team.
• As the team evolves (forming, storming, norming, performing), the average time it takes for
work should drop month to month.
• This includes performance improvements done with automations and improvements
done in conjunction with other teams.
• Time saved = Money Saved. Doing more tickets in less time means improved e
ffi
ciency.
This allows management to o
ff
er a metric of money saved over time to senior leaders at an
organization.
• Changes to teams can raise these averages, seeing how fast they start dropping again can
indicate how well the team is working together.
25. Useful Books
Some Study Materials
• Foundational Texts
• "The Goal: A Process of Ongoing Improvement” by Dr. Eliahu Goldratt
• “Toyota Kata” by Mike Rother
• “The Phoenix Project” by Gene Kim
• “The DevOps Handbook” by Gene Kim
• Useful in my opinion, as Security can also be a creative enterprise, I would also
suggest the following book:
• "Creativity, Inc.: Overcoming Unseen Forces That Stand in the Way of True
Inspiration" by Ed Catmull
26. Certs?
When you need some credentials
• Scrum?
• Useful to have if you’re doing Scrum Master work.
• Professional Scrum Master (PSM) by Scrum.org
• No need to take a class. Higher minimal passing score needed. Scrum.org pushes more for understanding how to
use scrum and adapt it to your requirements.
• Certi
fi
ed Scrum Master (CSM) by Scrum Alliance
• Requires you to take a class. Comparatively low passing score. The exam concentrates more on wrote knowledge
of Scrum, and not as much how to apply or adapt it.
• Agile
• Anything potentially from PMI
• If you don’t have the work history for a PMP
• Try the CompTIA Project+
• Or do the Certi
fi
ed Associate in Project Management (CAPM) by PMI