Tag Archives: agile

Security Test-Driven Development – Spreading the STDD-virus

Posted on by

Agile development with short release cycles have been here for a while now. Most of us want fast feedback loops and many even Continuous Delivery with changes in production software everyday. However, most of us also want secure software and the question is: Can security engineering keep up the pace? A fast feedback that your production website has been hacked is not so nice.

Security is a quality attribute of your software, just like performance. If you don’t want to be surprised by bad performance in production, what do you do? You test and design for it of course and you preferably do so continuously from the start.

In my experience, the same however cannot be said of security. It is very often relegated to a once a year penetration-test activity. Not really an agile way of working is it? Not a secure one either since untested software is released as often as everyday. There must be a better way of working which allows us to both work in an agile way and to verify security on the way.

In the security field people like Gary McGraw have long been advocating ways of “Building Security In”. The Microsoft MVP Troy Hunt also proposes that you should “Hack yourself first”, instead of just waiting for the pentesters. Shouldn’t it be possible to weave these security activities into the process the same way as it is possible with normal testing activities using TDD? Indeed I, as well others believe it is so. Let’s look at how small extensions to an agile process can work in this direction.

Extending Sprint planning to deal with security

To start off you must first know what the requirements are. In a normal agile project this is done by eliciting User Stories from the customer or the Product Owner.

Let’s take an example of an online e-Commerce site. A User Story might be “As a customer I want to be able to add a review of a product so that information about products can be shared between customers”.

This works very well for traditional functional requirements, but for non-functional requirements a little extra thought is needed. In the case of security requirements it is often useful to state a requirement in a scenario that should NOT happen. In our case we shall call these scenarios “Abuser Stories”. These stories are non-technical descriptions of bad things you want to make sure you avoid. An Abuser story for this site might be:

“An attacker uses the Review Product-function to spread malicious Javascript”. Another might be: “An attacker abuses the Review Product-function to gain unlimited access to the database”.
A Product Owner might not be able to come up with these stories himself, but might need the help of a security engineer to help him with finding these threat scenarios.

SecurityTesting
read more »

The Training Deck – how to onboard a new team member faster

Posted on by

There will always be a productivity dip for the team when a new member joins. The question is not if it is going to happen, but how much will productivity dip and for how long. Imagine if you could onboard new team members with a minimum of productivity loss.

Training Deck

read more »

10 years of Agile @ Crisp. Next challenge: Global Warming!

Posted on by

10 years ago, 2007, me and a few Crisp colleagues embarked on a mission: be best in Sweden at helping companies become agile. We had experienced first-hand the power of agile development, and wanted to use this newfound super-power to help both Crisp and our clients improve. Others joined us and – tadaa!  – Agile Crisplet was born (and the concept of crisplets)! That was the year I taught my first Certified ScrumMaster course together with Jeff Sutherland, co-creator of Scrum. Since then we’ve co-trained almost 30 courses! About 2-3 times per year. In fact, May 22-23 is our 10 year anniversary (join us at the course in Stockholm!).

Now 10 years has passed since our Agile Crisplet was formed, and I’m happy to see we have achieved more than we ever could have dreamed!

Dispensing with false humility here, we’ve somehow managed to become one of the world leaders in this field! Famous agile and lean experts partner with us. Super well-known product companies, large telecoms and banks, even government organizations, turn to us as first choice for agile guidance and training. Our videos and articles and books have racked up millions of hits, and we are basically overwhelmed with requests to do coaching, write book forewords, do conference talks and workshops, and run training courses. I’ve done almost 30 keynotes in 20+ countries. I’m amazed (and overwhelmed) every time I look at my inbox, I’ve had to hire an assistant just to turn down the 95% of all requests that we simply don’t have capacity to handle.

OK, so now what?

10 years is a long time, and now it’s time for a new focus! At least for me (Crisp is a no-CEO company where people are free to do whatever they want).

read more »

The Minimum Loveable Product

Posted on by

I recently attended a course (the excellent LeanUX course held by my colleague Martin Christensen) and again the topic of what a MVP is or is not came up in a discussion. In the Lean startup-world an MVP is defined as the smallest thing you can make to validate a hypothesis which helps you decide if you should continue developing something or if you should stop. For more information about this, I suggest you read Eric Ries’ blog post on the topic. However, in (very) many companies and organisations the term is used to describe the first version of a product released to the end customers. This “version one release MVP” usually contains as little functionality and features as is possible without making the end customers too upset, disappointed or unwilling to pay.

Another colleague of mine, Henrik Kniberg, wrote a quite thorough and lengthy blog post about MVPs a while back where he touched upon the point I’m about to make. While quite a few people see the different uses of the word MVP as problematic, I see it as a symptom of a need for a better word for describing at least one of its currently used meanings, i.e. the “version one release MVP”. Luckily enough a good friend and coworker gave me the answer to that need a few years ago: He called the first release of the hardware product we were working on at the time the “Minimum Loveable Product”.

read more »

Team Shapes – Simulating the challenges with component teams

Posted on by

A common pitfall for large and medium size organizations who are adopting Agile is to organize teams based on software component boundaries instead of feature teams. Some of the aspects of long term code ownership are more straightforward this way, but the negative consequences in terms of business agility and costs of coordination are huge. A few years back I designed a simulation exercise that I call Team Shapes which illustrates some of the issues and now I would like to share this simulation with the community. read more »

Feature Verification Funnel

Posted on by

verificationfunneloverviewYou have a feature to implement, and there are several implementation solutions available. How do you choose the best one?

Start out with all your potential solutions for a feature idea. Next, filter based on how the solutions perform using a set of verification methods. Finally, implement the feature knowing that you’ve found the solution that meets your needs.

Verification Methods

The following are the verification methods I’ve experienced most often on the projects: read more »

How to set role expectations and working agreements

Posted on by

teamcultureConflicts in teams about how to work are common. There are expectations from team members on each other that aren’t being met. In a given team, members might be implicitly expected to perform a certain task. The team might have unspoken policies that seem to be common sense. Sometimes people pick up on these unspoken rules and implicit expectations, but when they don’t, you have a team in conflict. You can’t avoid all conflict (and a dose of healthy debate and discussion is good for teams), but you can help teams by explicitly defining the roles and working agreements. Instead of dealing with conflict after the fact, you start with discussion and agreement. The following workshop is the one I use with my teams and organizations.

read more »

Transforming the pyramid to an agile org

Posted on by

I recently published a video exploring how an agile team based organization could look like. How does it function under the hood? In the video I also discussed how you get there.

I got tons of great feedback so I decided to provide the contents of the video in the format of a blog. If you prefer to read instead of watching a 11-minute-long video, then this is for you 🙂

AgileOrg

read more »

Planning as a social event – scaling agile at LEGO

Posted on by

The past couple of years I’ve been travelling back and forth to LEGO’s HQ in Billund Denmark, helping out with their agile journey. Super interesting! Learned more than we could ever fit in an article, but here’s an attempt to capture at least some of it, written together with LEGO colleague and co-instigator Eik Thyrsted Brandsgård. Enjoy!

Planning as a social event – scaling agile @ LEGO

Agile @ Lego

 

Agile Everywhere – slides from my keynote at Agile Tour, Montreal

Posted on by

Here are the slides from my keynote Agile Everywhere at Agile Tour Montreal. In the keynote I shared my experiences from applying agile in lots of different non-software contexts.

Enjoyed the trip! After the conference I spent a day at Ubisoft Quebec to discuss REALLY large-scale agile (like 1000-person video game projects). I see more and more companies applying agile at really large scale and my key takeaway is that, the larger the project is, the more important the agile principles are. For tiny projects any process can pretty much work. Also interesting to see how different types of organizations – such as video game development, banking, and aerospace – arrive at very similar patterns for how to deal with dozens or hundreds of agile teams building a product together. Just keep in mind that big projects are super-risky with or without agile, so your first priority should be to de-scale.

Anyway here are some sample pictures from the keynote.

takeaways

read more »

Alignment at Scale – slides from my Agile Africa keynote

Posted on by

Here are the slides from my Agile Africa keynote Alignment at Scale (or How to Not become Totally Unagile when you have Lots of Teams). Thanks for a great conference!

And thanks everyone for the Emma greeting, that sure made an 8 year girl very happy 🙂

(Emma was supposed to join me on this trip, but couldn’t make it because I had missed some required paperwork for travelling with minors to South Africa).

Agile Alignment at Scale

read more »

Spotify Rhythm – how we get aligned (slides from my talk at Agile Sverige)

Posted on by

Here are the slides from my talk about Spotify Rhythm at Agila Sverige.

The talk is about Spotify’s current approach to getting aligned as a company. It covers:

  • what problem we’re trying to solve, and how we’ve gone through two other models (OKR and Priorities & Achievements) before arriving at our current model
  • how we define “Bets” using the DIBB framework (Data-Insight-Belief-Bet)
  • how we prioritize bets using stack-ranking based on company beliefs and north star goals
  • how we visualize bets on a kanban-like company level board, and group them into Now – Next – Later columns
  • how different parts of the company visualize their own bets and align with higher level bets, using interlinked bet boards.
  • how we synchronize and prioritize our work using different cadences at different levels of the company.
  • how this model is used to support squad autonomy
  • our challenges and learnings with this so far

Holy crap how did I manage to cover all that in 10 minutes?! Guess I talked fast 🙂

Some sample slides below.

RIP OKR

read more »

Growing up with Agile – Minimum Viable Bureaucracy at Spotify

Posted on by

The Spotify ‘model’ was presented in 2012 and has stired a lot of interest in the agile community and the software industry in general. In May I was asked to talk about this a the Bay Area Agile Leadership Network meetup in San Francisco (where I at that time was working as an agile coach at the Spotify office): Since 2012 Spotify has continued to grow hectically. How has agile evolved at Spotify since then? Going back in time, and following the latest structural changes makes it clear that the model was never the primary mover: instead a number of core principles and ambitions has worked as constraints on how to grow the most suitable organization for the task, with small enough structure to help but not be in the way: you could call it Minimum Viable Bureaucracy.

Here’s the slides:

I also spoke about the same subject in April, at Agila Örebro, where there is a video recording of the talk (in Swedish).

Agile @ Lego – our slides from Passion for Projects

Posted on by

UPDATE Dec 2016: Wrote an article about LEGO’s agile journey, see here. Includes all of the material below, plus explanations and updates.

Here are the slides for our talk Agile @ Lego at Passion for Projects in Uppsala. Enjoyed discussing this stuff with project managers and the like from all sorts of industries. A common theme from the conference was the power of self-organization, and the role of leadership in creating the right context for self-organization to happen. Our talk provided a real-life large scale example of this.

2016-03-15 Agile @ Lego Henrik Kniberg Eik Thyrsted Brandsgård

read more »

Making sense of MVP (Minimum Viable Product) – and why I prefer Earliest Testable/Usable/Lovable

Posted on by

(French translation)

A couple of years ago I drew this picture and started using it in various presentations about agile and lean development:

Since then the drawing has gone viral! Shows up all over the place, in articles and presentations, even in a book (Jeff Patton’s “User Story Mapping”  – an excellent read by the way). Many tell me the drawing really captures the essence of iterative & incremental development, lean startup, MVP (minimum viable product), and what not. However, some misinterpret it, which is quite natural when you take a picture out of it’s original context. Some criticize it for oversimplifying things, which is true. The picture is a metaphor. It is not about actual car development, it is about product development in general, using a car as a metaphor.

Anyway, with all this buzz, I figured it’s time to explain the thinking behind it.

read more »

Fluent@agile – visualizing your way of working

Posted on by

Help your team improve by visualizing their way working with the fluent@agile game. With the game you can help a team find out where it is on its agile journey and help it find new ways of both fine tuning and make leaps in their daily agile practices.

Fluent@agile board

A teams fluent@agile board.

Me and Christian Vikström made the game together at Spotify during the spring 2014 when we were coaching and helping team to improve their agile skill sets and processes.

At Spotify the teams owns their own way of working. A team is basically only accountable to itself. We therefore needed an coaching tool that could help team take ownership of their self image and improvement strategy.

We also wanted the tool to be opinionated. It should be normative, tell what’s good and not, what kind of practices and behaviour that’s expected and not. But at the same time it should be open to new ideas, new practices and the teams local conditions.

read more »

Scaling Agile (but not in the way you think…)

Posted on by

For more than a year now, I’ve been working with clients that have agile scaling problems. But not the kind of scaling problem everybody is talking about – one product and lots of teams. No, I’ve been busy trying to sort out what to do when you have one team supporting a multitude of products with different architectures, stakeholders, technology stacks and whatnot. This is what I’ve learnt, so far.

read more »

The Pirate Ship – Growing a great crew: a workshop facilitation guide

Posted on by

The Pirate Ship is a workshop format that will help you grow amazing teams. It is “speed boat” on steroids. I have now been using it for a couple of years, and the time have come to share this useful and productive format.

I do a lot of workshops with teams. Very often the workshops are about the teams themselves. It can be anything from getting a newly started team up and running to helping a mature and stable team find new inspiration and challenges.

read more »

Real-life Agile Scaling – slides from keynote @ Agile Tour Bangkok

Posted on by

Here are the slides from my keynote “Real-life agile scaling” at Agile Tour Bangkok. Enjoyed hanging out with everyone!

Key points:

  • Scaling hurts. Keep things as small as possible.
  • Agile is a means, not a goal. Don’t go Agile Jihad. Don’t dump old practices that work.
  • There is no “right” or “wrong” way. Just tradeoffs.
  • There is no one-size-fits-all. But plenty of good practices.
  • Build feedback loops at all levels. Gives you better products and a self-improving organization.

Here is an InfoQ article with a nice summary of the keynote.

Sample slides:

Henrik Kniberg
read more »

What is an Agile Leader?

Posted on by

Agile product development has become the norm in many industries (especially software). That means products are developed by small, self-organizing, cross-functional teams, and delivered in small increments and continuously improved based on real customer feedback. Pretty much as described in the Agile Manifesto – but replace the word “software” with “product” (because it really isn’t software-specific).

That’s all fine and dandy. However when things get bigger, with dozens of teams collaborating over organizational boundaries, things obviously get more complex and painful. Even if the entire organization is neatly organized into scrum teams, you can still end up with an unaligned mess! Here’s a picture that might feel familiar:

Misaligned teams

read more »

What is an Agile Project Leader?

Posted on by

I wrote this article because of two observations:

  1. Many organizations use a “project model” when they shouldn’t.
  2. There is a lot of confusion and debate in the agile community about projects and project leadership.

I don’t claim to have “the answer”, but I’ve thought about this a lot and also experimented on my clients (don’t tell them… sshhhh). So, here is my take on project leadership in an agile context.

Oh, and by the way, this article is a Bait & Switch. I’m trying to get you to read What is an Agile Leader. You might save time by just skipping this and going there right away 🙂

Beware of “projects”

The word “project” is controversial in agile circles. Some companies use the “project model” as some kind of universal approach to organizing work, even for product development. However, a surprising number of projects fail, some dramatically. I see more and more people (especially within the software industry) conclude that the project model itself is the culprit, that it’s kind of like rigging the game for failure.

A “project” is traditionally defined as a temporary effort with a temporary group of people and a fixed budget. Product development, on the contrary, is usually a long term effort that doesn’t “end” with the first release – successful products start iterating way before the first release, and keep iterating and releasing long after. And teams work best if kept together over the long term, not formed and disbanded with each new project. Also, the traditional approach to planning and funding projects often leads us to big-bang waterfall-style execution, and hence a huge risk of failure because of the long and slow feedback loop. The project model just doesn’t seem to fit for product development.

read more »

Scaling Agile @ Lego – our journey so far (slides from LeanTribe keynote)

Posted on by

UPDATE Dec 2016: Wrote an article about LEGO’s agile journey, see here. Includes all of the material below, plus explanations and updates.

Here are the slides for my Lean Tribe keynote Scaling Agile @ Lego – our journey so far.

Here’s also a more detailed version from a talk that Lars Roost and I did at GOTO conference in Copenhagen: is SAFe Evil (that talk was also recorded).

This is just a brief snapshot of a journey in progress, not a journey completed 🙂

Sample slides below.

This doesn't scale read more »

Slides från session Agila Arbetsmetoder @ SAST Q20

Posted on by and

IMG_5797

Otroligt kul att se hur många som fick plats i ett konceptrum i Aula Magna under våra presentationer under SAST Q20! Vi pratade först om kontinuerlig förbättring och sedan om working agreements. Slides hittar du nedan.

På Crisp har vi en hel del gratis material och guider, bland annat en Toyota Kata mall, som Martin nämnde under sin presentation.

Vi pratade också om Mobprogrammering, och den främsta källan till information finns på mobprogramming.com.

Tack till er alla som kom och lyssnade och vi ber om ursäkt för att alla inte fick plats.

/Martin & Mikael

IMG_5789

What should we build next?

Posted on by

Gathering ideasHow do you decide what to build next? Who comes up with the ideas? How do you decide in what order to implement them? How do you keep track of what you’re working on, and what you want to work on?

Here’s a behind the scenes look at how the Candy Crush Soda team comes up with ideas and decides what to build next!

read more »

Agile Topics card deck

Posted on by

The other week I got the idea to create simple conversation cards. Each card represents an agile practice, a conversation topic or an abstract theory. Now I’ve drawn 96 cards. I simply couldn’t stop 🙂

Cards

read more »

Using Agile in Hardware To Develop New Products In One Day

Posted on by

Team developing new productsCan you develop new products from scratch in one day?

This challenge was taken on by the Medical HW manufacturer Optinova in August. Over the course of two days, we pushed the limits of “what is possible” by applying Agile in a HW environment.

Our hypothesis was that Agile would be a good fit in product development and innovation scenarios. And the result so far from the work that we have been doing with Optinova is promising.

Cross-functional teams, focus, rapid prototyping, close customer feedback and visual overview work just as well in hardware as in software. The training setup we used was as follows:

  • Day 1 – Learn basic Agile practices and principles
  • Day 2 – Applying them – developing three product ideas from scratch in one day, in a rapid prototyping workshop.

The result: All three participating teams managed to take an idea to working prototype in a day. One team went so far as submitting a bid to a real customer the following day based on their prototype. That’s high speed, even in software terms. But the most important thing wasn’t the result, it was the lessons learned. When we asked the participants if they wanted to continue to build products this way, the votes were unanimously in favor. If we can get it to work, this would help build a competitive and innovative company. read more »

Omöjligt att kombinera agilt arbetssätt med pm3

Posted on by and

Låt oss säga det direkt: att kombinera pm³ och någon agil metod, som t ex Scrum, är en dålig idé. Varför?

Därför att du kommer inte kunna dra nytta av det agila arbetssättet. pm³ är baserat på en helt annan världsbild. pm³ bygger på årsplaner och att verksamheten beställer från en leverantör, typiskt den egna IT-avdelningen.  Agilt har som en grundläggande värdering att reagera på förändringar i stället för att följa en plan. Det agila arbetssättet drivs proaktivt genom utforskande i motsats till att vara en mottagare av beställningar.

Vi har sett flera försök att implementera pm³ och de har ofta misslyckats på grund av att pm³ bygger på tankar om att verkligheten kan förutsägas 18 månader i förväg, att användarna vet vad de vill ha och att det är viktigt att ha en skarp linje mellan verksamhet och IT. Vi hävdar (och flera med oss törs vi lova) att inget av detta är varken sant eller bra.

read more »

Dedicated Scrum Master or not?

Posted on by

Should the Scrum Master role be full time or part time? What if there is not enough Scrum Master work to do? Can the Scrum Master also do other work in the team? Can the Scrum Master be Scrum Master for several teams?

There was a debate about this and Scrum Alliance created the Scrum Master Manifesto in 2011.

Even though this has been debated by many minds before, I still get asked what my views are on this topic.

I’ve done all kinds of variations on this role. I’ve been a dedicated Scrum Master for a single team. I have done the SM role and a developer role at the same time. I’ve been a Scrum Master for several teams at the same time. These alternatives have their own advantages and challenges. In this post I intend to describe my view and recommendations.

read more »

Samarbetets myserier på Agila Sverige 2015

Posted on by

Samarbete är en svår konst. De flesta organisationer har grava underskott på samarbete. Ännu saknas på många sätt förståelse för vilka mekanismer som driver och uppmuntrar samarbete. På Agila Sverige 2015 pratade jag om samarbetets mystik och gjorde några nedslag i en längre workshop om detta. Bland annat visar jag hur man kan spela ultimatumspelet i storpublik, hur apor reagerar på orättvisor och de fyra pelarna i samarbetets mekanik.

read more »

2nd edition of Scrum & XP from the Trenches – “Director’s Cut”

Posted on by

Guess what – I’ve updated Scrum and XP from the Trenches!

Scrum and XP from the Trenches 2nd edition

read more »