Index
Note: Locators followed by an italicized n indicate a footnote.
A
A priori change control, 19
A priori changes, 177
Aggressive team members, 331–333
designing circuit chips, real-world example, 58
DevOps for customers, 59
documentation, 60
hybrid of agile and non-agile methods. See Hybrid agile.
importance of, 50
RAD (rapid application development), 52–54
rapid iterative development, 52–53
standard terminology, 51
Agile manifesto
items on the left, 56
principles of, 56–57. See also specific principles.
responding to change over valuing a plan, 118
standards and frameworks, 68
working software over comprehensive documentation, 110–111
Agile principles
agile process maturity, 69–70, 76
under ALM, 76
in IT operations, real-world example, 210
service desks, 210
adjusting ceremony, 75
agile principles, 76
applying the principles, 69–70
coexisting with non-agile projects, 75
consensus within the agile community, 71
consistency across the enterprise, 78–79
continuous process improvement, 79
delivering on time within budget, 77
epics and stories, 70
firmware development, 80
goals of, 62
hardware development, 80
importance of, 62
in law enforcement, real-world example, 66
marketing the new approach, 79
one CIO’s view, real-world example, 73
PMO (project management office) metrics, 80
quality, 77
recognition by the agile community, 70–71
recognizing an immature process, 72
scalability, 77
self correction, 79
test cases for trading systems, real-world example, 70
transparency, 76
vendor management, 80
version control, real-world example, 63
Agile process maturity, overview
coexistence with non-agile projects, 68
comprehensive processes, 66–67
continuous process improvement, 69
dysfunctional agile, 65
purity measure, 64
scalability, 66
standards and frameworks, 68
traceability, 67
transparency, 67
Agile processes
agile development versus iterative development, 16–17
disasters, transitioning from hybrid agile to agile, 255
hybrid of agile and non-agile methods. See Hybrid agile.
Agile service catalog, real-world example, 186
ALM (application lifecycle management)
agile methodology. See Agile ALM.
change management. See Change management.
mainframe. See Mainframe ALM.
purpose of, 6
versus software delivery lifecycle, 7
versus systems delivery lifecycle, 7
ALM (application lifecycle management), overview
addressing the business silo, 13
audit and regulatory compliance, 24
automation, 21
build engineering, best practices, 18
change management, best practices, 19
change management, goal of, 22
CI (continuous integration), 21–22
core configuration management, 17–21
deployment, best practices, 20–21
deployment, continuous. See CD (continuous deployment).
versus development lifecycle, 9
DevOps, 23
environment management, best practices, 19
financial systems infrastructure, real-world example, 14
integration across the enterprise, 25
IT governance, 23
mature processes versus fluid, 16–17
QA (quality assurance), 25
rapid iterative development, 17
release management, best practices, 19–20
retrospectives, 23
risk, from a business focus, 13–15
role of personality, 26
scope of, 9
SDLC (software development life cycle), 10–11
source code management, best practices, 17–18
testing, 25
Ambler, Scott, 347
American Foundation for the Blind (AFB), 218
Anderson, Hans Christian, 71–72
Application design, automating, 111
Application management, IT operations, 208
Applications, testing, 39
Archetypes, 319
Assessing success, with retrospectives, 235–236
Attended automation
agile ALM, 104
continuous deployment, 145
DevOps, real-world example, 226
Audit and regulatory compliance
assessing existing practices, 283–284
audit and accountability, 277
essential requirements, 283
external audits, 277
identifying standards and frameworks, 275
importance of, 274
improving quality and productivity, 283
IT governance, 271
overview, 24
retrospectives, 244
Audit and regulatory compliance, federal guidelines
banking oversight, 282
Cobit as framework for IT controls, 280
COSO (Committee of Sponsoring Organizations), 279
essential components of internal control, 279
FINRA (Financial Industry Regulatory Authority, Inc.), 280
GAO (Government Accountability Office), 281–282
guidelines on internal controls, 282
HIPAA (Health Insurance Portability and Accountability Act) (1966), 280–281
ISACA Cobit, 281. See also Sarbanes-Oxley Act of 2002.
management assessment of internal controls, 278–279
OCC (Office of the Comptroller of the Currency), 282
oversight of securities firms, 280
Sarbanes-Oxley Act of 2002, 278–280. See also ISACA Cobit.
self-administered risk assessment surveys, 280
for senior management responsibility, 278–280
Audit and regulatory compliance, real-world examples
audit and accountability, 277
internal audits, 276
Automation
application design, 111
attended automation, 104
change management, real-world example, 173
code quality instrumentation, 111–112
environment management, 114–115
epics and stories, creating, 111
goals of, 103
for implementation, 119
incident management, 117
IT workflow, real-world example, 196
keyman risk, 108
lifecycle management, 109
operations, 116
overview, 21
PMO (project management office), 118
process modeling, 108
project management, 118
requirements management, 110–111
service desk, 117
systems design, 111
TDD (test-driven development), 113–114
testing the lifecycle, 112
tool agnosticism, 106
tools for. See Tools, for automation.
use cases, defining, 119
workflow, 108
workflow, continuous deployment, 148–150
automation tools, 94
build robots, 99
code scans, 100
detection of unauthorized changes, 96–97
unit tests, 100
Autonomy, 339
B
Banking oversight, federal guidelines, 282
Banking systems
change management, real-world example, 165–166
continuous deployment, real-world example, 156
Baseball players and mistakes, real-world example, 236
Bimonthly deployments, real-world example, 146–147
The blind, real-world example of delivering retrospectives, 238–239
Boehm, Barry, 53
Books and publications
Configuration Management Best Practices: Practical Methods that Work in the Real World, 18, 348
The Software Project Manager’s Bridge to Agility, 6
Broderick, Stacia, 6
Build engineering
automation. See Automation, build engineering.
best practices, 18
build robots, creating, 99–100
build tools, 101
building quality in, 100
code scans, 100
compile dependencies, 98
components of the build, 93–94
cryptographic hashes, 96
definition, 91
detecting unauthorized changes, 96–97
failure, real-world example, 94
hackers, 95
IDEs (integrated development environments), 93
importance of, 92
instrumenting the code, 101
physical configuration audit, 98
secure trusted base, creating, 95–96
unit tests, 100
Build farms. See CI (continuous integration), build farms.
Build management, cloud-based ALM, 289
Build robots, creating, 99–100
Build servers. See CI (continuous integration), build farms.
Build tools, 101
Building quality in, build engineering, 100
Business continuity, 230
Business focus, overview, 11–15
Business management, IT operations, 205–206
Business silos. See Silo mentality.
C
CAB (change advisory board), 176, 202. See also CCB (change control board).
Canary deployment, cloud-based ALM real-world example, 290
CASE (computer-aided software engineering), 53
CBOE (Chicago Board Options Exchange) shut down, real-world example, 329
CCB (change control board), 176, 291. See also CAB (change advisory board).
addressing the culture, 141
attended automation, 145
banking system, real-world example, 156
bimonthly deployments, real-world example, 146–147
breaking into smaller pieces, 145–146
CI (continuous integration), 138
container-based deployment, 144
versus continuous delivery, 22, 139–140
copying files, 142
data processing director, real-world example, 149
definition, 22
eliminating problems, real-world example, 41
emergency medical tech, real-world example, 142
environments that mirror production, 152–153
ergonomics, 150
failure, 155
getting started, 141
Hibernate, real-world example, 153–154
identifying dependencies, 152
importance of, 140
Maven, real-world example, 153–154
monitoring, real-world example, 152
moving targets, real-world example, 143–144
nuclear power plant, real-world example, 150
overview, 22
police force, real-world example, 149
rapid incremental deployment, 143–144
risk management container-based deployment, 144–145
sarin gas, real-world example, 154–155
in the software development process, 41
training, 147
WIP (work in progress), 149
Center for Internet Security (CIS), 209
Centralized service desks, 210
adjusting, 75
in agile process maturity, 62
definition, 12
retrospectives, 245
Change advisory board (CAB), 176, 202. See also CCB (change control board).
Change control
bypassing on mainframe ALM, 301
in the software development process, 47
Change control board (CCB), 176, 291. See also CAB (change advisory board).
Change evaluation, standards and frameworks, 204
in ALM, 166
best practices, 19
CAB (change advisory board), 176
CCB (change control board), 176
change ecosystem, 167
compliance, 164
continuous process improvement, 183–184
cross-enterprise coordination, 180–181
cross-platform coordination, 180
feedback loops, 171
fiefdoms, 181
importance of, 162
last responsible moment, 118
normal changes, 175
organizational structure, 176
overview, 22
pre-approved changes, 174, 175
a priori change control, 19
problems versus incidents, 172–173
publishing changes back to the system. See Rebasing.
QA (quality assurance), 167–168
SEPG (software engineering process group), 166
in the software development process, 33–34
specialized change control, 182
standard changes, 175
standards and frameworks, 202, 205
traceability, 164
troubleshooting, 169
vendor change control, 182
Change management, change control topology
configuration control, 178–179
emergency change control, 179
gatekeeping, 177
normal changes, 180
preapproved changes, 180
a priori changes, 177
process change control, 179
RFC (requests for change), 177–178
SEPG (software engineering process group), 179
standard changes, 180
Change management, process description
change request boards, 174. See also CAB (change advisory board); CCB (change control board).
post-implementation reviews, 175. See also Retrospectives.
pre-approved changes, 174
Change management, real-world examples
automation system, 173
global incident response, 170
in a government agency, 181
mainframe outage, 171
negative attitudes towards, 163
problems, learning from, 173
QA (quality assurance), 168
service providers, 183
storage, 162
technical debt, 165
troubleshooting, 169
upgrading a GPS, 183
Change planning, software development process requirements, 36
Change request boards, change management, 174
Chaos monkeys, real-world example, 227
Cherry picking, 124
Chicago Board Options Exchange (CBOE) shut down, real-world example, 329
change status, tracking, 202
versus CI (continuous integration), 151n
naming conventions, 203
status accounting, 203
version IDs, embedding, 97
version IDs, verifying, 151
across the enterprise, 135–136
build and deploy framework, 129
cherry picking, 124
code reviews, 127
continuous deployment, 138
definition, 121
deployment, 136
getting started, 123
identifying milestone releases, 138
integrating smaller units, 126
late-binding integration, 122, 124
left-shift preflight builds, 129
merges, problems with, 125
preflight builds, 129
principles of, 123
rapid iterative development, 86–87
real-world example, 40
rebasing, 125
right-shift preflight builds, 129
in the software development process, 39
testing, 136
training and support, 136
vendor-provided resources, 129
CI (continuous integration)
versus CI (configuration item), 151n
CI (continuous integration), build farms
definition, 127
ON-PREM (on premises) hypervisors, 128–129
real-world example, 128
CI (continuous integration), frequency
broken builds, fixing, 127
finding issues, 126
CI (continuous integration), real-world examples
build farms, 128
information overload, 131
merges, 122
off-shore support and collaboration, 132
process managers, 137
stock trading, 124
tax preparation, 134
CI (continuous integration), tools for
shared repositories, selecting, 135
CIRT (critical incident response team), 189–190
CIS (Center for Internet Security), 209
Cloud-based ALM
CMDB (configuration management database), 296
community editions of vendor tools, 287
cost control, 296
development environments, 295
DevOps, 296
DML (definitive media library), 296
environment management, 295–296
importance of, 286
IT operations, 209
iterative development, 293
managing the lifecycle, 292
PaaS (Platform-as-a-Service), 287
planning, 296
risk management, 294
SaaS (Software-as-a-Service), 287, 293
seamless integrations, 292–293
service provider change notification, 291
SLAs (service-level agreements), 294
test environments, 295
tools, 292
Cloud-based ALM, developing in the cloud
build management, 289
canary deployment, real-world example, 290
deployment, 290
nonrepudiation, 290
overview, 288
source code management, 288–289
Cloud-based ALM, real-world examples
bad service, 292
upselling, 292
assessment, 263
in ISACA Cobit, 205
CMDB (configuration management database), 115, 296
Cobit as framework for IT controls, 280
Code quality instrumentation, automating, 111–112
Code reviews, CI (continuous integration), 127
Code scans, 100
Collaboration. See also Communication; DevOps.
CI (continuous integration), 131–132
DevOps developers and operations, 216–218
off-shore support, real-world example, 132
Collective unconscious, 318–319
Command center for change management, 169–170
Commercial off-the-shelf (COTS) software, 32
Commercial tools versus open source, 106–107
Committee of Sponsoring Organizations (COSO), 279
Communication. See also Collaboration; DevOps; Personality and ALM.
anecdote: the ship and the lighthouse, 45
CI (continuous integration), 131–132
delivering bad news, 238
with management, real-world example, 14–15
rhythms, 319
styles, 317
transparency to senior management. See IT governance.
up the chain of command, 264–265
Compile dependencies, build engineering, 98
Complexity management
rapid iterative development, 86
in the software development process, 33–34
Compliance, change management, 164
Comprehensive processes, agile process maturity, 66–67
Computer-aided software engineering (CASE), 53
Configuration audits, 203, 228
Configuration change control, standards and frameworks, 203
Configuration control, 178–179, 228
Configuration identification, standards and frameworks, 203
Configuration item (CI). See CI (configuration item).
Configuration management (CM). See CM (configuration management).
Configuration Management Best Practices: Practical Methods that Work in the Real World, 18, 348
Configuration management database (CMDB), 115, 296
Configuration verification, standards and frameworks, 203
Conflicts, DevOps developers and operations, 216
Consensus within the agile community, agile process maturity, 71
across the enterprise, agile process maturity, 78–79
of purpose, 48
Container-based deployment, 144–145, 227–228
Continuous delivery
versus continuous deployment, 22, 139–140
hiding new features from the users. See Feature toggle.
in the software development process, 41
Continuous deployment (CD). See CD (continuous deployment).
Continuous integration (CI). See CI (continuous integration).
Continuous process improvement. See also Retrospectives, as process improvement.
agile process maturity, 69, 79
DevOps, 231
IT governance, 270
IT operations, 200
in the software development process, 48
Continuous testing, 311
Controlled isolation, rapid iterative development, 85–86
Copying files, continuous deployment, 142
Core configuration management, overview, 17–21
Corporate politics, retrospectives, 245
COSO (Committee of Sponsoring Organizations), 279
Cost control, cloud-based ALM, 296
COTS (commercial off-the-shelf) software, 32
Crisis management, retrospectives, 243–244
Critical incident response team (CIRT), 189–190
Cross-enterprise coordination, change management, 180–181
Cross-functional teams, 220–221
Cross-platform coordination, change management, 180
Cryptographic hashes, 96
Csikszentmihalyi, Mihaly, 335–336
Customer collaboration, in agile ALM, 58–59
Customer interface, cloud-based ALM, 293–294
Customers, retrospective participation, 240
Cutting corners, real-world example, 44
Cybersecurity and the future of ALM, 348–349
D
Data processing director, real-world example, 149
Database administrators, real-world example of communication with, 198
The deaf, real-world example of delivering retrospectives, 238–239
Defect triage with retrospectives, 243
Defects, linking to requirements, 110
Definitive media library (DML), 115, 296
Delivering on time within budget, agile process maturity, 77
Deming, W. Edwards
consistency of purpose, 48
importance of healthy behaviors, 335–336
productivity, 78
testing versus building quality in, 77–78
Deming, W. Edwards, driving out fear
agile transformation, 72
communicating up the chain of command, 265
communicating with stakeholders, 44
fear of criticism, 224
organizational culture, 328
planning, 68
testing requirements, 34
Dependencies, identifying for continuous deployment, 152
Dependency control, DevOps, 227–228
Deployment
automation, DevOps, 225
CI (continuous integration), 129, 136
cloud-based ALM, 290
continuous. See CD (continuous deployment).
goal of, 21
rolling back a promotion, 20–21
Deployment pipeline, 141–142, 225–227
Designing circuit chips, real-world example, 58
Designing systems, in the software development process, 37–38
Developer and operations collaboration, real-world example, 217, 218
Developer view, on transitioning from hybrid agile to agile, 256
Developers, retrospective participation, 240
Developing software. See Software development process.
Development environments, cloud-based ALM, 295
Development lifecycle, versus ALM, 9
automating deployment, 225–227
automation, 230
business continuity, 230
cloud-based ALM, 296
complexity, 230
configuration audits, 228
configuration control, 228
container-based deployments, 227–228
continuous process improvement, 231
cross-functional teams, 220–221
for customers, 59
deployment automation, 225
developers and operations, collaboration and conflicts, 216–218
disaster recovery, 230
document review, 218
driving out silo mentality, 119
goals of, 213
importance of, 214
information security, 229
infrastructure as code, 229–230
IT operations, 200
mainframe ALM, 302
managing power and influence, 321–323
microservices, 227
need for rapid change, 218–219
organizational ecosystem, 222–223
overview, 23
QA (quality assurance), 229
retrospectives, 241
secure trusted application base, 228
in the software development process, 43–44
stakeholders, earlier involvement, 223–224
team size, 219
two-pizza theory, 219
waterfall development, 222
DevOps, moving the process upstream
overview, 223
right-shift, 224
DevOps, real-world examples
AFB (American Foundation for the Blind), 218
attended automation, 226
chaos monkeys, 227
cross-functional teams, 221
deployment automation, 226
developer and operations collaboration, 217, 218
DevOps in development, 225
document review, 218
earlier team involvement, 223
knowledge management, 220
management, effects on team behavior, 221
moving the process upstream, 223
team size, 219
two-pizza theory, 219
volleyball behaviors, 221
waterfall development, 222
DevOps in development, real-world example, 225
Disaster recovery, 230
Disciplined Agile Delivery, 347
Disk space shortage, troubleshooting, 189
DML (definitive media library), 115, 296
Document review, 218
Documentation
agile ALM, 60
on an ambulance, real-world example, 12
requirements for transitioning from hybrid agile to agile, 257
in the software development process, 42–43
working software over comprehensive documentation, 56, 110–111
writing, real-world example, 43
Dress rehearsal, continuous deployment, 154–155
Driving out fear
agile transformation, 72
communicating up the chain of command, 265
communicating with stakeholders, 44
fear of criticism, 224
organizational culture, 328
planning, 68
testing requirements, 34
Dysfunctional agile, agile process maturity, 65
E
Eccentric behavior in the workplace, 333–335
Embedding testers, 312
Emergency change control, 179
Emergency medical tech, real-world example, 142
Emperor’s New Clothes, anecdote, 71–72
Enterprise
cross-enterprise change management, 180–181
Environment management
best practices, 19
overview, 19
agile process maturity, 70
automating creation of, 111
definition, 70
in the software development process, 36
Ergonomics, continuous deployment, 150
Escalating problems, change management, 172–173
Event monitoring, change management, 168–169
Events
definition, 168
External audits, 277
Extremism in the workplace, 333–335
F
Facilitating training, in the software development process, 47–48
Facilities management, IT operations, 207
Failing fast, definition, 94–95
Family vacation, real-world example of hybrid agile, 255
Federal guidelines. See Audit and regulatory compliance, federal guidelines.
Feedback
change management, real-world example, 171–172
from change management, 171–172
Feedback loops, change management, 171
Fiefdoms, change management, 181
Financial systems infrastructure, real-world example, 14
Finley, Michael, 332
FINRA (Financial Industry Regulatory Authority, Inc.), 280
Firmware
aligning software to, real-world example, 84
development, agile process maturity, 80
Five-factor model of intergroup conflict, 323–324
Fixing what isn’t broken, real-world example in retrospectives, 235
Flooding in an IT facility, real-world example, 207
Football player, real-world example of retrospectives, 236–237
Friedman, Meyer, 331
Functional requirements, 35–36
Functional testing, 39
G
GAO (Government Accountability Office), 281–282
Gatekeeping, 177
Government agency, real-world example of change management, 181
GPS upgrade, real-world example of change management, 183
Group dynamics. See Personality and ALM, group dynamics.
H
Hackers, 95
Hardware development, agile process maturity, 80
Health Insurance Portability and Accountability Act (HIPAA) (1966), 280–281
Hedge fund trading systems, real-world examples
IT governance, 268
IT operations, 188
Help desks. See also Service desks.
avatars, real-world example, 194–195
real-world example, 193
virtual, real-world example, 194–195
Help desks, IT operations
developers on, 195
remote work, 194
Hibernate, real-world example, 153–154
Hidden agile, real-world example, 250
Hierarchy of needs and drives, 339
HIPAA (Health Insurance Portability and Accountability Act) (1966), 280–281
coexisting with non-agile projects, 68
goals of, 249
importance of, 250
pragmatic choices, 251
versus waterfall method, 251–252, 254, 256
Hybrid agile, real-world examples
family vacation, 255
hidden agile, 250
making a baby in one month, 254
management decision making, 258
measuring agility, 252
Hybrid agile, transitioning to agile
agile disasters, 255
choosing an agile pilot, 253
decisions at last responsible moment, 257
defining requirements, 254
developer view, 256
documenting requirements, 257
information radiators, 256
IT governance requirements, 258
mature agile, 258
organizational ecosystem, 257–258
securing sensitive information, 256
technology risk, 257
tracking progress, 255
versus waterfall method, 256
I
IDEs (integrated development environments), 93
Immature processes, recognizing, 72
Incident escalation, real-world example, 199
Incident management, automating, 117
Incident response, 170–172, 190
Incidents. See also Problems.
CIRT (critical incident response team), 189–190
identifying with retrospectives, 242–243
IT operations, 212
Information overload, real-world example, 131
Information radiators, 256
Information security, DevOps, 229
Infrastructure as code, 229–230
Instrumenting code, 101
Insurance company use of RAD, real-world example, 53
Integrated development environments (IDEs), 93
Integration across the enterprise
coordinating across systems, 307
enterprise ecosystem, 308
goals of, 305
multiplatform, 307
overview, 25
procurement and standards, real-world example, 306
release coordination, 308
Intergroup conflict. See Personality and ALM, intergroup conflict.
International corporations, cultures of, 317
Introspection and the postmortem, 327–329
ISO 15288, 32
IT controls, audit and regulatory compliance, 275–276
agile process maturity, 67–68, 75–76
audit and regulatory compliance, 271
communicating up the chain of command, 264–265
continuous process improvement, 270
importance of, 262
learning from mistakes, 270
organizational ecosystem, 270
overview, 23
requirements for transitioning hybrid agile to agile, 258
retrospectives, 244
scalability and resources, 268
time and resource management, 267–268
IT governance, real-world examples
configuration management assessment, 263
hedge funds, 268
police force, 265
reporting risks, 267
senior management, best practices, 270
senior management, decision making, 263
senior management, role of, 264
tool selection, 266
trading firms, 268
IT governance, senior management
communicating up the chain of command, 264–265
decision making, 263
excessive direct involvement, 269
application management, 208
automating, 116
CIRT (critical incident response team), 189–190
CIS (Center for Internet Security), 209
cloud based, 209
communication planning, 197
continuous process improvement, 200
controls, 206
DevOps, 200
facilities management, 207
importance of, 186
incidents, 212
interfacing with vendor operations, 209
knowledge management, 195–196, 212
middleware support, 208
organizational silos, 197
outsourcing, 209
problems, 212
retrospective participation, 241
shared services, 208
technical management, 206
workflow automation, 196
IT operations, help desks. See also IT operations, service desks.
developers on, 195
remote work, 194
IT operations, monitoring the environment
IT operations, real-world examples
agile principles, 210
agile service catalog, 186
communication planning, 197–198
database administrators, communication with, 198
escalating problems and incidents, 199
fixing what’s not broken, 187
flooding, 207
hedge fund trading systems, 188
help desks, 193
incident response, 190
IT facilities management, 207
KCG (Knight Capital Group), 187
mainframe programmers, 191–192
offshoring production support, 191–192
outsourcing service desks, 211–212
rebooting the system, 190
segregation of duties, 207
standards and frameworks, 201
troubleshooting disk space shortage, 189
VCS (version control system) failure, 197
workflow automation, 196
working across time zones, 193
IT operations, service desks. See also IT operations, help desks.
agile principles, 210
centralized, 210
overview, 210
specialized, 211
vendor escalation, 211
virtual, 211
IT operations, standards and frameworks
CAB (change advisory board), 202
change evaluation, 204
change management, 205
change management processes, 202
configuration audit, 203
configuration change control, 203
configuration identification, 203
configuration management, 205
configuration verification, 203
ISACA Cobit, 205
need for, 201
overview, 201
RCV (release control and validation framework). See ITIL v3.
RDM (release and deployment management), 203–204
request fulfillment, 204
SACM (service asset and configuration management), 202–203
SCMP (software configuration management plan), 203
service management processes. See ITIL v3.
status accounting, 203
Items on the left, agile manifesto, 56
Items on the right, agile manifesto, 56
Iterative development, 16–17, 293
J
Jung, Carl, 319
K
Kanban, in continuous deployment, 148–150
KCG (Knight Capital Group), real-world example, 187
Knowledge base, creating in the software development process, 47–48
Knowledge management
IT operations, 212
standards and frameworks, 204–205
L
Last responsible moment
decisions on transitioning from hybrid agile to agile, 257
planning decisions, 68
Late-binding integration, 122, 124
Law enforcement, real-world process maturity example, 66
Lean processes, CI (continuous integration), 137–138
Leffingwell, Dean, 347
Left-shift
moving the process upstream, 223–224
preflight builds, 129
Lifecycle management
automating, 109
cloud-based ALM, 292
Lifecycle phases, defining in the software development process, 41–42
Lifecycle testing, automating, 112
Lifeguard rule, QA and testing real-world example, 310
The lighthouse and the ship, anecdote, 45
M
DevOps, 302
goals of, 299
overview, 25
Mainframe ALM, real-world examples
bypassing change control, 301
mainframe culture, 300
outages, 171
root access, 302
Mainframe culture, 300
Maintenance and bugfixes, in the software development process, 46
Maintenance of the lifecycle, in the software development process, 47
Making a baby in one month, hybrid agile real-world example, 254
Management. See also Senior management.
decision making, hybrid agile real-world example, 258
effects on team behavior, real-world example, 221
traits of strong leaders, 336
Marketing the new agile approach, 79
Martin, James, 53
Maslow, Abraham, 339
Mature agile
hybrid agile, transitioning to agile, 258
one CIO’s view of agile process maturity, real-world example, 73
Mature processes versus fluid, 16–17
Maven, real-world example, 153–154
Measuring agility, real-world example, 252
Meetings, retrospectives, 241
continuous integration problems with, 125
real-world example, 122
Metrics
measuring agility, real-world example, 252
PMO (project management office) metrics, 80
retrospectives, 245
Microservices, 227
Middleware support, IT operations, 208
Milestone releases, identifying, 138
Mistakes
as feedback loops, retrospectives, 236, 237
management reaction to, 327
Mistakes, learning from
crises as opportunities, 48
IT governance, 270
in a police force, real-world example, 52
positive psychology of, 340–342
Monitoring continuous deployment, real-world example, 152
Motivation through threats, 334
overview, 223
real-world example, 223
right-shift, 224
N
New York Stock Exchange crash, 97–98
Nonfunctional requirements, 36
Nonrepudiation, 290
Nuclear power plant
continuous deployment, real-world example, 150
testing, real-world example, 39
O
OCC (Office of the Comptroller of the Currency), 282
OCEAN (openness, conscientiousness, extraversion, agreeableness, neuroticism) model of intergroup conflict, 323–324
Off-shore support and collaboration, real-world example, 132
Offshoring production support, real-world example, 191–192
ON-PREM (on premises) hypervisors, 128–129
Open source tools versus commercial, 106–107
Operations. See IT operations.
Organizational culture, agile ALM, 51–52
Outsourcing
IT operations, 209
Overly agreeable people, 323–325
Oxley, Michael, 278
P
PaaS (Platform-as-a-Service), 287
Paradigm shift for agile ALM, 51–52
archetypes, 319
collective unconscious, 318–319
communication rhythms, 319
communication styles, 317
goals of, 315
international corporations, 317
keyman risk, 317
managerial conflicts, real-world example, 316
organizational structures, 317–318
in retrospectives, 237
role of, overview, 26
Personality and ALM, getting started
organizational psyche, 318–319
understanding the culture, 316–318
Personality and ALM, group dynamics
in-group and out-group behaviors, 320–321
managing power and influence, 321–323
overview, 320
Personality and ALM, intergroup conflict
desired personality traits, 328
introspection and the postmortem, 327–329
management reaction to mistakes, 327
OCEAN (openness, conscientiousness, extraversion, agreeableness, neuroticism) model, 323–324
overly agreeable people, 323–325
Personality and ALM, positive psychology
autonomy, 339
hierarchy of needs and drives, 339
learning from mistakes, 340–342
traits of strong leaders, 336
Personality and ALM, stress management
aggressive team members, 331–333
eccentric behavior in the workplace, 333–335
extremism in the workplace, 333–335
motivation through threats, 334
type A and B personalities, 331–333
Physical configuration audit, 98, 115
Pilot system. See Proof of technology.
Planning
as a barrier to efficiency, 5
cloud-based ALM, 296
Platform-as-a-Service (PaaS), 287
Platforms, cross-platform change management, 180
PMO (project management office)
automating, 118
metrics, 80
POC (proof-of-concept), 106, 119
Police force, real-world examples
continuous deployment, 149
IT governance, 265
Positive psychology. See Personality and ALM, positive psychology.
Postmortems, introspection, 327–329
Preapproved changes, 174, 175, 180
Preflight builds, 129
Principles, of agile process maturity, 64–65
Probing and questioning, retrospectives, 241
Problem escalation
real-world example, 199
Problem management
CIRT (critical incident response team), 189–190
Problems. See also Incidents.
CIRT (critical incident response team), 189–190
identifying with retrospectives, 242–243
IT operations, 212
learning from, real-world example, 173
Process change control, 179
Process managers, real-world example, 137
Process maturity. See Agile process maturity.
Process modeling, automating, 108
Processes
adjusting ceremony, 75
testing, 39
Product management, IT operations, 205–206
Production support
in the software development process, 45–46
Productivity, improving through audit and regulatory compliance, 283
Project management, automating, 118
Project management office (PMO)
automating, 118
metrics, 80
Proof of technology, real-world example, 8
Proof-of-concept (POC), 106, 119
Psychology of personality. See Personality and ALM, positive psychology.
Publishing changes back to the system. See Rebasing.
Purity measure, agile process maturity, 64
Q
QA (quality assurance). See also Testing.
continuous testing, 311
DevOps, 229
goals of, 309
overview, 25
planning the testing process, 311–313
test cases, creating, 313
withholding information from, real-world example, 113
QA (quality assurance), real-world examples
bypassing quality assurance, 311
embedding testers, 312
first rule for lifeguards, 310
testing framework, creating, 312
Quality
building in, build engineering, 100
building in versus testing, 77
improving through audit and regulatory compliance, 283
R
RAD (rapid application development), 52–54
Rapid incremental deployment, 143–144
Rapid iterative development
in ALM, overview, 17
CI (continuous integration), 86–87
designing architecture, 87
development view, 85
goals of, 83
importance of, 84
managing complexity, 86
technology, 87
VCS (version control system), 87
RDM (release and deployment management), 203–204
Repeatability, continuous deployment, 147–148
Rebasing, 125
Rebooting the system, real-world example, 190
Recognition by the agile community, agile process maturity, 70–71
Red tape. See Ceremony.
Regulatory compliance. See Audit and regulatory compliance.
Release engineering, cloud-based ALM, 289–290
Release management
goal of, 20
Repeatable processes, agile process maturity, 76–77
Request fulfillment, standards and frameworks, 204
Requests for change (RFCs), 177–178
Requirements
for audit and regulatory compliance, 283
linking to defects, 110
in the software development process. See Software development process, requirements.
tracking to test cases, 110
for transitioning from hybrid agile to agile, 254, 257
Requirements management, automating, 110–111
Resource and time management, IT governance, 267–268
Responding to change over valuing a plan, 56, 118
Retrospectives. See also Reviews.
audit and regulatory compliance, 244
corporate politics, 245
defect triage, 243
DevOps, cross-functional view, 241
epics and stories, 241
getting started, 234
goals of, 234
importance of, 234
incidents and problems, 242–243
metrics and measurement, 245
overview, 23
probing and questioning, 241
red tape, 245
risk management, 244
running the meeting, 241
supporting IT governance, 244
Retrospectives, as process improvement. See also Continuous process improvement.
delivering bad news, 238
incidents and problems, 236–237
mistakes as feedback loops, 236, 237
overview, 235
personality factors, 237
Retrospectives, delivery modes
online, 239
teleconference, 239
video conferencing, 239
Retrospectives, participant perspective
customers, 240
developers, 240
operations, 241
testers, 240
Retrospectives, real-world examples
baseball players and mistakes, 236
delivery by the blind or deaf, 238–239
fixing what isn’t broken, 235
mistakes as feedback loops, 236
Reviews. See also Retrospectives.
after change management, 175
code, 127
document, 218
post-implementation, 175
RFCs (requests for change), 177–178
Right-shift
moving the process upstream, 224
preflight builds, 129
Risk assessment
continuous deployment, 153–154
vendor risks, 32
Risk management
cloud-based ALM, 294
continuous deployment, 153–154
retrospectives, 244
self-administered risk assessment surveys, 280
Risks
cloud-based resources, 129
keyman, 108
reporting, real-world example, 267
technical risk, rapid iterative development, 85, 87
vendor-provided resources, 129
Robbins, Harvey, 332
Root access, mainframe ALM, 302
Rosenman, Ray, 331
Royce, Winston, 256
Rubin, Ken, 347
S
SaaS (Software-as-a-Service), 287, 293
SaaS change control, change management, 182–183
SACM (service asset and configuration management), 202–203
SAFE (Scaled Agile Framework), 347
Sarbanes, Paul, 278
Sarbanes-Oxley Act of 2002, 278–280
Sarin gas, real-world example of continuous deployment, 154–155
Scalability
agile process maturity, 66, 77
and resources, IT governance, 268
Scientific Management, 10
SCMP (software configuration management plan), 203
Scope, of ALM, 9
Scope creep, real-world example, 11
SDLC (software development life cycle), 29. See also ALM (application lifecycle management); Software development process.
developing, real-world example, 42
managing, real-world example, 30
versus software development process, 29–31
versus systems development, 32
Seamless integrations, cloud-based ALM, 292–293
Secure trusted base
DevOps, 228
Securities firms, federal guidelines on oversight of, 280
Security
CIS (Center for Internet Security), 209
cryptographic hashes, 96
cybersecurity and the future of ALM, 348–349
detecting unauthorized changes, 96–97
hackers, 95
information security, DevOps, 229
physical configuration audit, 98, 115
securing sensitive information, 256
Segregation of duties, real-world example, 207
Self correction, agile process maturity, 79
Seligman, Martin, 326, 335–336, 337, 343
Senior management of banking, federal guidelines on responsibility, 278–280. See also Management.
Senior management of IT governance
communicating up the chain of command, 264–265
decision making, 263
excessive direct involvement, 269
Senior management of IT governance, real-world examples
best practices, 270
decision making, 263
role of, 264
SEPG (software engineering process group), 47, 166, 179
Service asset and configuration management (SACM), 202–203
Service desk, automating, 117
Service desks. See also Help desks.
agile principles, 210
centralized, 210
overview, 210
specialized, 211
vendor escalation, 211
virtual, 211
Service providers, real-world example of change management, 183
Service-level agreements (SLAs), 294
Shared services, IT operations, 208
The ship and the lighthouse, anecdote, 45
business silos, overview, 13
IT operations, 197
when selecting automation tools, 119
SLAs (service-level agreements), 294
Sliger, Michele, 6
Smoke testing, continuous deployment, 156–157
Software, real-world example of aligning to firmware, 84
Software configuration management plan (SCMP), 203
Software delivery lifecycle, versus ALM, 7
Software development life cycle (SDLC). See SDLC (software development life cycle).
Software development process. See also ALM (application lifecycle management); SDLC (software development life cycle).
change control, 47
CI (continuous integration), 39
continuous delivery, 41
continuous deployment, 41
continuous process improvement, 48
creating the knowledge base, 47–48
creating the right size process, 46
cutting corners, real-world example, 44
lifecycle phases, defining, 41–42
maintenance and bugfixes, 46
maintenance of the lifecycle, 47
SEPG (software engineering process group), 47
software development, 38
technical debt, 46
Software development process, defining
COTS (commercial off-the-shelf) software, 32
epics and stories, 36
getting started, 29
importance of, 28
SDLC (software development life cycle), 29
versus SDLC (software development life cycle), 29–31
test cases, real-world example, 35
vendor risk analysis, 32
Software development process, requirements
change planning, 36
nonfunctional, 36
testing, 35
validity, 34
workflow for defining, 37
Software development process, testing. See also QA (quality assurance); TDD (test-driven development); Testing.
applications, 39
functional, 39
nuclear power plants, real-world example, 39
processes, 39
unit, 39
Software engineering process group (SEPG), 47, 166, 179
The Software Project Manager’s Bridge to Agility, 6
Software-as-a-Service (SaaS), 287, 293
Source code management
goal of, 18
Specialized change control, 182
Specialized service desks, 211
Staffing service desks, 211–212
Stakeholders
Standards and frameworks
agile process maturity, 68
common lifecycle processes. See ISO 15288.
for IT operations. See IT operations, standards and frameworks.
real-world example, 201
software lifecycle processes. See ISO 12207.
Status accounting, standards and frameworks, 203
Stock trading, real-world continuous integration example, 124
Stopping the line
TDD (test-driven development), 37
Storage, real-world example of change management, 162
Stories. See Epics and stories.
Stress management. See Personality and ALM, stress management.
Sullivan, Harry Stack, 333
Systems delivery lifecycle, versus ALM, 7
Systems design, automating, 111
Systems development, versus SDLC, 32
Systems thinking, definition, 25
T
Tax preparation, continuous integration real-world example, 134
Taylor, Winslow, 10
TDD (test-driven development). See also Testing.
automated test scripts, 37
overview, 37
stopping the line, 37
Teams. See also Personality and ALM.
aggressive team members, 331–333
earlier involvement, 223–224. See also Moving the process upstream.
management, effects on team behavior, 221
optimal size, 219
two-pizza theory of team size, 219
Technical debt
change management, real-world example, 165
in the software development process, 46
Technical management, IT operations, 206
Technical risk, rapid iterative development, 85, 87
Technology, rapid iterative development, 87
Technology risk, transitioning from hybrid agile to agile, 257
Terminology pollution, 140
Test case management, automating, 112–113
Test cases. See also Use cases.
linking to defects, 110
real-world example, 35
tracking requirements to, 109
for trading systems, real-world example, 70
Test environments, cloud-based ALM, 295
Test-driven development (TDD). See TDD (test-driven development).
Testers
embedding, 312
retrospective participation, 240
withholding information from, real-world example, 113
Testing. See also QA (quality assurance); Software development process, testing; TDD (test-driven development).
CI (continuous integration), 136
continuous testing, 311
goals of, 309
overview, 25
planning the testing process, 311–313
requirements, 35
test cases, creating, 313
testing framework, creating, 312
Testing, real-world examples
bypassing testing, 311
embedding testers, 312
first rule for lifeguards, 310
Time and motion studies, 10
Time and resource management, IT governance, 267–268
Time zones, working across, 193
Tool agnosticism, 106
for CI (continuous integration), 134–135
selecting for IT governance, real-world example, 266
build engineering, 101
commercial versus open source, 106–107
evaluating, 106, 119. See also POC (proof-of-concept).
keeping current, 120
POC (proof-of-concept), 106, 119
scope of, 109
selecting, 119
tool agnosticism, 106
uses for, 94
Traceability
agile process maturity, 67
change management, 164
CI (continuous integration), 130–131
continuous deployment, 147–148
Trading firms, real-world example of IT governance, 268
Training and support
CI (continuous integration), 136
continuous deployment, 147
programs, developing, 120
Transitioning to agile. See Hybrid agile, transitioning to agile.
Transparency, agile process maturity, 67, 76
Tribal knowledge, mainframe ALM, 300–301
Troubleshooting, real-world examples
change management, 169
disk space shortage, 189
Trusted base, continuous deployment, 151–152
Tuning, CI (continuous integration), 137–138
Two-pizza theory of team size, 219
Type A and B personalities, 331–333
U
Unauthorized changes, detecting, 96–97
Unit testing, 39
Unit tests, build engineering, 100
Upselling from cloud-based ALM, real-world examples, 292
Use cases. See also Test cases.
automating creating of, 119
User stories. See Epics and stories.
Utilities. See Tools.
V
Validation, continuous deployment, 150–151
Validity, requirements, 34
VCS (version control system), 87, 124–125, 197
Vendor change control, 182
Vendor management
agile process maturity, 80
Vendor operations, interfacing with
escalating problems, 211
IT operations, 209
Vendor relationships, 120
Vendor-provided resources, CI (continuous integration), 129
Verification, continuous deployment, 150–151
Version control
CI (continuous integration), 124–125
real-world example, 63
VCS (version control system), 87, 124–125, 197
Version IDs, build engineering, 97–98
Virtualization, build farms, 128–129
Volleyball behaviors, real-world example, 221
W
Walkthroughs, continuous deployment, 154–155
Waterfall development
DevOps, 222
dysfunctional processes, 73–74
versus hybrid agile, 251–252, 254, 256
predicting the future, 16
real-world example, 222
WIP (work in progress), 149
Workflow, defining requirements, 37
Workflow automation
continuous deployment, 148–150
overview, 108
Working software over comprehensive documentation, 56, 110–111