Nov 242014
 
What really is an MVP?

In his highly influential book, The Lean Startup, Eric Reese introduced term “minimal viable product” (MVP). As Reese rightly points out, firms putting out new products typically spend too much time and money on features that miss the mark somehow in meeting customer needs or are simply unnecessary. The result is a delayed over-expensive product that is more likely than not an economic failure. Reese proposes a better alternative: put out the least function (minimal) product that you can that might meet customer needs or at least will draw customer attention (viable). This way the team can test the market with different feature sets, get customer feedback, and commit development resources to the expensive activity …

Read more

 
avatar

It is becoming clear that the prevailing piecemeal approach to security is no longer sufficient to thwart increasingly sophisticated attacks. Gaps in coverage provide possible entry points, blended attacks in several sectors can mask the actual threat, and sophisticated attacks involving multiple targets and approaches can find their way around many current defenses. Interest is growing in unified threat management (UTM) for small to medium-sized businesses, which centralizes all network intrusion response in a single device, and next-generation firewalls (NGFs), which defend against most of the same things but are aimed at the enterprise. Although some currently define these as separate product areas, major vendors are now providing this form of protection as a continuum. …

Read more

 
avatar

If you only adopt one practice of Agile, adopt retrospectives. The rest will emerge from that. This is old wisdom among Agilists, and back in the early 2000s, Cutter Senior Consultant Alistair Cockburn boiled down his Crystal Clear method to “Iterate and Reflect.” I thought everything of interest had already been written on this topic — until I was involved recently in a mostly failed transition during which this was a major topic. Looking at leadership models, you find the concept of post-heroic leadership where the heroic leader solves problems by either being the expert him or herself, or an “achiever” who pushes others to solve the problem. The post-heroic leader works by providing the …

Read more

 
avatar

Every historical era has its lessons, such as Don’t trust totalitarian dictators to respect diplomatic niceties, Avoid land wars in Asia, and You know what’s going to happen to Sean Bean in this movie. One of the lessons of the last decade is certainly Information is not intelligence. Unfortunately, many people who do software requirements, or depend on them to build and test software, have not seen the relevance of that maxim in their own work. Requirements in software development serve much the same purpose as intelligence in national security: they are supposed to provide actionable, reliable insights. “Actionable” is largely a question of format, which software professionals can control directly. Older questions like, What …

Read more

 
avatar

There are many theories about what Enterprise Architecture is, and there should be. But ultimately, it is not the theory that matters. The make-up of the people, the organizational structure and the circumstances of the enterprise drive what people end up doing, and what architecture looks and feels like. Prefixes are free: The “x” Architect EA practices within different enterprises look and feel very different. For example, one enterprise may have a Content Architect but not a Security Architect. A different enterprise may have a Payments Architect, reflecting a specific domain within that company. Just imagine if medical professionals were as free with prefixes and specialization tags as we have been in architecture! I get …

Read more

 
From Information Risk Management to BI for Software Organizations to Agile Transitions, We’ve Got You Covered.

We’ve been rounding up Dennises lately: Dennis Adams and Dennis Hogarth have joined our team of expert consultants. But along with the Dennises, we welcome Nancy Williams, Murray Cantor and Don MacIntyre. Dennis Adams is a long time Cutter contributor. He’s frequently presented the academic viewpoint for Cutter Benchmark Review. (If you’re not familiar with CBR, it partners academics and practitioners who co-write a survey, analyze the data, and then write opinion pieces — influenced by their academic/practitioner perspective — that are based on the findings. Looking at an issue or technology from both an academic and practical perspective gives CBR readers the 360 view they won’t otherwise see.) Now Dennis will add his expertise …

Read more

 
avatar

Every once in a while, you run into an individual or an organization with an acutely mechanistic view of software development processes. “Mechanistic,” in this context, means that processes are like machines: you wind them up and let them go. As long as they continue to operate, good things will result. This misconception echoes a similar view of political systems that is alternately harmless and dangerous. In “The Place Of The Independent In Politics,” James Russell Lowell warned that too many Americans had lapsed into a view of the Constitution that it was a “machine that would go if itself.” “I admire the splendid complacency of my countrymen,” Lowell said, “and find something exhilarating and …

Read more

 
avatar

It took home improvement retailing giant Home Depot about a week before it finally confirmed it had suffered a data breach. Home Depot first reported the possibility of a breach on 2 September 2014, but did not actually confirm the hacking until 8 September. During that time, the company made somewhat vague statements that it was still carrying out an investigation to determine whether or not its systems had actually been compromised. Based on the company’s recent press release confirming the breach (see “The Home Depot Provides Update on Breach Investigation“), it appears that Home Depot’s internal IT security team was unaware that its payment data systems had been compromised. Instead, it looks as if …

Read more

 
avatar

From the beginning of data processing in the 1950s, an "us/them" dynamic has existed between business and IT organizations. Since then, attempts by CIOs and business executives to cross the cultural barriers have met with varying degrees of success. Organizations intent on building trust and partnership between business and IT face these challenges: IT’s culture and processes. The IT organization’s relationship with the business is IT-centric rather than business centric. Business accountability failure. When the IT function is IT centric, business management does not understand its role or responsibilities in the partnership. Both the business and IT sides are responsible for applying IT effectively throughout the organization. CIOs are not providing the leadership. The CIO …

Read more

Oct 072014
 
avatar

There are very few more pressing issues in management today than cyber security. Notice that I didn’t say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice. Organizations worldwide depend increasingly on information and communications technology to operate and manage 24/7/365, and wireless devices, BYOD, social media, and the like all combine to make the jobs of those responsible for cyber security exponentially more difficult. Like the Dutch boy and the dike, security people worldwide have …

Read more