It’s easy to say that your organization is committed to agile and DevOps. But actually transforming your organization and culture in order to get agile and DevOps right is never easy.
Just ask the software professionals who gathered in Las Vegas in June for the first in-person Agile + DevOps West conference in over two years.
Across six days of training, workshops, networking events, and sessions, leaders from across the country gathered to learn and share ways to build more open, collaborative, and efficient development cultures. There was a palpable energy for those who were able to once again join old friends and colleagues in person–and there was also a lively virtual discussion for those who couldn’t make it to Las Vegas.
If you weren’t able to join us for the conference (or if you need a reminder), here are some of the key takeaways about where agile and DevOps leaders are struggling and how they can create key transformations in their organizations. Hint: It’s all about building the right culture.
Agile and DevOps transformations won’t succeed unless leaders break down silos between teams and team members.
In his pre-conference Agile and DevOps Leadership training and in an exclusive invite-only leadership breakfast, Coveros CEO Jeff Payne highlighted the three types of organizational cultures as identified by sociologist Ron Westrum: pathological, bureaucratic, and generative.
The goal for any effective agile or DevOps transformation should be to create a generative culture that prioritizes collaboration.
Payne asked leaders at the leadership breakfast to rate their organizations along key attributes of a generative culture: increased collaboration, shared responsibility, no silos, autonomous teams, building quality in, valuing feedback, and automation.
One of the lowest-rated attributes among leaders was no silos, meaning leaders struggle to ensure openness across teams. In digging deeper into the challenges they faced, leaders identified the need to increase collaboration and share risks across teams and to change the mindset in their org to accept feedback and input from all team members.
So, how can organizations break down silos in agile? In a technical presentation he delivered later in the conference, Jeff Payne talked through approaches for breaking down silos specifically in scrum environments:
- Encourage team-based activities by restructuring activities to design, build, and test as a team with the mindset that if everyone’s not done, no one is done.
- Quantify success by defining a clear definition of done (DoD) for stories and sprints and move toward a DoD for producing releasable code, instead of just working code.
- Pair developers and testers to reinforce collaboration by having them create acceptance tests together upfront and review each other’s tests for completeness.
Without this open, collaborative, team approach, organizations will never be able to achieve a fully successful agile or DevOps transformation, Payne says.
To build an effective agile or DevOps culture, leaders have to tell the right stories.
Lee Eason, director of DevOps at Edward Jones, kicked off Agile + DevOps West with his keynote “The Art of Storytelling in the Craft of Product Development.”
Eason told the story of his work leading a DevOps transformation in a previous role at a fintech company. The head of engineering at the organization was leading a manual release process that made it almost impossible to add new customers to the company’s fintech product.
Eason met with the head of engineering to understand the roadblocks to a more automated, efficient release process. What he learned was that the head of engineering was opposed to automating the process because he reveled in working around the clock to be the “hero” of his own story in which he manually ensured updates were released.
“He [the head of engineering] had created a story in his own mind where he was the hero,” Eason said. “He was the savior. He needed the world to work this way because his character demanded that it worked this way. He didn’t want to fix all the problems that were causing all the pain in his life, because his life was saving the company again and again and again.”
“Narratives build empathy,” Eason added. Instead of seeing this person as a roadblock, Eason worked to reorient his story by giving him the responsibility (and credit) for driving the automation process.
Only by understanding everyone’s individual story and perspective–from team members to customers–can true cultural change happen.
Organizations aren’t prioritizing software security–and it’s making the world less safe.
Software industry leaders understand the vulnerabilities caused by poor application security.
But, when it comes to making the choice between investing in security or adding new features, Coveros CTO Tom Stiehm says organizations usually choose the new features.
In his session “Putting Application Security in Agile Development,” Stiehm said “What we’re good at as an industry is using tools to find known bugs and defects. We’re not so good at then prioritizing fixing those bugs we find. We’re not that good at finding unknown flaws–they’re called zero days. These are things that you don’t know about that attackers can use to exploit your system and gain information they’re not supposed to have. We’re not good at building security into products.”
This inability to proactively address security concerns is something that has made software the number one cause of data breaches, as Tanya Janca, the founder and CEO of We Hack Purple, told the crowd at her keynote presentation. Janca also cited a GitHub study that found that there are 500 software developers for every 1 security developer in the world. This clearly shows the lack of emphasis software organizations are putting on security.
Given this historic lack of emphasis on security, how can organizations build security into their culture and development now?
Stiehm outlined three proactive steps to get started on the path to better security:
- Architect and design security in from the start based on your organization’s threat modeling analysis.
- Include security in your DevOps pipeline from the start.
- Take time to analyze and remediate AppSec findings.
For development, testing, and security teams alike, Janca says agile organizations “must have accuracy, you must have speed, and you must be able to automate as much as possible.”
Are you working to drive a transformation in your organization? We’ve helped organizations of all sizes and industries effectively transform their cultures and processes to make agile and DevOps work for them. Learn more about our work.