SP HAMMAD

SKILLS & TRICKS

Security Patching & Vulnerability for Agile Scrum Teams

12/3/2019


 
We have all gone through this cycle of vulnerabilities being detected and patches being applied in our careers. Some of us still go through this vicious cycle of tense, challenging and nerve-racking moments, racing against time while people in the business ask for updates and customer support reassures customers, all eyes on the screen waiting for the announcement: "Patch Applied", "Service Restored", etc.

Software patch and vulnerability management continues to be a major challenge for many organizations. There is no single software product or vendor source of these vulnerabilities. Organizations must consider patching at all levels of software; applying only Microsoft's Patch Tuesday updates is not sufficient to protect systems and data from cyber-attack.
Organizations that were diligent with Microsoft patches avoided WannaCry related ransomware. However, flaws with Apache Struts and Intel Processors left organizations vulnerable to cyber-attack (e.g., Spectre and Meltdown).

A lot of software companies have elected to stop providing individual patches each release period. Instead, separate and distinct patches are bundled in a roll-up model. The reason for this change is to prevent patch fragmentation, which led to problems like dependency errors, lengthy scans, and testing complexity. This practice has created an all-or-nothing condition for customers, in which selecting individual patches is no longer available. Further, software companies are building these patch bundles in a monthly rollup manner. These patch bundles contain not only all the recently announced patches, but also the previously shipped patches. This cumulative update model is intended to improve security, quality, and reliability. Yes, I am referring to the Microsoft and Adobe model. However, with this model in practice comes the requirement for customers to perform extensive application compatibility testing in a short period of time, especially when functional and non-functional (i.e., security) code changes are mixed in the update. The days of cherry-picking patches are over.

Orchestrating patching is complex and costly. Patching has many dependencies, including asset management, notification tracking, risk assessment, patch preparation, QA, release management, communications, and auditing. As with the installation of any software update, many teams must collaborate to ensure success and avoid unintended interruption of service. If any of these teams is not resourced and prepared for this demand, patches are not properly tested and announced prior to deployment, creating availability and integrity risks. If patch deployment is delayed to perform the necessary QA and communication, vulnerabilities linger longer for cyber-criminals to discover and exploit. Traditional operations and project management methods of patching are not nearly rapid enough.

Sadly, most organizations claim to have adopted the Agile methodology, an iterative approach to software development and delivery, but fail to apply it to the needs of patch upgrades, which are mostly neglected until an incident takes place. I'll try my best to summarize how Agile can be implemented for patch vulnerability assessment, and the structure through which you will be able to maintain pace as well as deliver quality.


Concept of Agile Leadership & Transformation

9/6/2019


 
I don't claim that I am an expert on this subject, and there is still a long learning curve involved as my career grows into new roles. What I am sharing here are some of my observations, notes, references, etc. related to agile leadership and how well an organization should adopt them for survival. Let's examine some favorite ideas and concepts around agile leadership.

Success Criteria

In my experience, there are at least five criteria for successful agile transformations. Lasting organizational change happens:
  1. When there are leadership and guidance, not command & control.
  2. When there is alignment across the organization instead of the pursuit of local optimization efforts or personal agendas.
  3. When the collaboration of all participants beyond hierarchies is the norm, not an exception.
  4. When we acknowledge that management principles of the 19th century are unsuited to solve complex problems of the 21st century.
  5. When managers become servant leaders.
​
The following lists focus on the main concepts related to agile leadership: from servant leadership to the agile mindset to creating a learning organization. The lists are not supposed to be comprehensive, but provide the interested reader with a starting point for further research.


Basics of SCRUM - Part 3

12/27/2018


 

Scrum Artifacts

Scrum Artifacts – results/products of our management activities – are designed to increase transparency of information related to the delivery of the project, and provide opportunities for inspection and adaptation.

There are six artifacts in Scrum:

  1. Product Backlog: An ordered list of everything (aka stories) that might be needed in the final product
  2. Sprint Backlog: Selected items (stories) from the Product Backlog to be delivered through a Sprint, along with the Sprint Goal and plans for delivering the items and realizing the Sprint Goal
  3. Increment: The set of all the Product Backlog items completed so far in the project (up to the end of a certain Sprint)
  4. Definition of “Done”: The shared understanding of what it means for a piece of work to be considered complete
  5. Monitoring Progress towards a Goal: The performance measurement and forecast for the whole project
  6. Monitoring Sprint Progress: The performance measurement and forecasts for a single Sprint

Items 5 and 6 might look more like activities, but they are considered artifacts in the Scrum Guide, and therefore we will explain them as such. You can imagine their output (tracking information, burn-down charts, etc.) as the real artifacts and these two items as ongoing activities (like Product Backlog grooming) or part of the Scrum events (part of Sprint Review and Daily Scrum).

1. Product Backlog

The Product Backlog is an ordered list of everything that might be needed in the final product of the project, in other words, parts of the expected final product (a wishlist). All items are described in simple business language (non-technical) and all of them are presentable to every stakeholder. Every requirement and every change in the project will be reflected in the Product Backlog.

The Product Backlog is dynamically changing and improving; it is never complete. We do not wait until the Product Backlog is complete to start delivering the items; the first Sprint can be started as soon as the Product Backlog has a sufficient number of stories defined.


Basics of SCRUM - Part 2

12/20/2018


 
In Part 1 we extensively covered the basics of Scrum, the Agile Manifesto, the Principles, facts and myths about Scrum, and the roles within the team.

In this post we will concentrate on understanding, and do a deep-dive analysis of:

- Scrum Events
- Scrum Activity - Backlog Grooming
- Scrum Activity - Slack

SCRUM Events

Scrum events are designed to enable critical transparency, inspection, regularity, and adaptation. Prefer these predefined meetings, with their fixed objectives and maximum durations, to ad-hoc meetings, which most likely waste our time.

There are just five events in a Scrum Project:

1. Sprint: Each Scrum project is a set of Sprints. A Sprint is a container for the four other events (as represented in the above diagram), development effort, and the maintenance of the Product Backlog.

2. Sprint Planning: Sprint Planning is the first event inside a Sprint. The Scrum Team plans the items they are going to deliver in the Sprint and the way they will deliver them.

3. Daily Scrum: The Development Team starts working on the objectives of the Sprint as soon as Sprint Planning is completed. During the Sprint, the Development Team holds a daily meeting (normally 15 minutes) to coordinate the work for the next 24 hours. This meeting is called the Daily Scrum.

4. Sprint Review: Before the end of the Sprint, the Development Team presents (demonstrates) the outcome of the Sprint to the customer and receives feedback. This meeting is called Sprint Review (also known as Sprint Demo).

5. Sprint Retrospective: After the Sprint Review and just before the Sprint is over, the Development Team holds an internal meeting to review the Sprint and use it to improve the process (lessons learned) in the next Sprint. This meeting is called Sprint Retrospective.

Time Box Concept

A Time Box is an essential concept in Agile methods: a predefined, fixed maximum duration of time during which we freeze the target and work with full focus on certain tasks or objectives, in order to maximize productivity. Time-boxed events repeat many times, until the final goal of the project is achieved. All the changes are applied only when one time-box is finished and we are ready to start the next one.

The duration of a time-box should be agreed upon and fixed. We are free to change the duration based on lessons learned, but not frequently, and never based on single occasions. For example, we are not allowed to say that “we have a lot to do this time, so let’s increase the duration for this particular case”.

What we are allowed to say is “based on the previous ten time-boxes, we realized that the duration of our time-boxes is not suitable, and a 30% increase in duration might better fit our needs. So, let’s increase them from now on”.

Basics of SCRUM - Part 1

11/30/2018


 
After some thought, I have decided to write and share some of the basics about Scrum. A lot of people have different views, theories and ways of doing things which they call Scrum. While I do not contest some of those practices, it is essential to understand the concepts, and I strongly agree that every organization team will need to mold and churn some process to make things work.

So in this series of blogposts, the first one will be addressing the following:

- Scrum and Agile
- Agile Manifesto
- Agile Principles
- When to use Scrum VS other Methods
- Facts and Fibs about Scrum
- Scrum Timeline
- Scrum Roles and Team

At a later time, I'll share the more advanced stuff and also touch on SAFe.

Scrum and Agile

It is not possible in some projects (especially in IT projects) to gather all the requirements upfront because of their extreme uncertainties. Therefore, we need a project management method flexible enough to deal with many change requests that appear during the project and keep the project team productive.

There are a number of systems designed to provide these two properties, and a group of them are called Agile Frameworks. Scrum is a project management method of the Agile group; it is the most famous and the most broadly used one.

Scrum is based on a certain process, which I'll explain in the next few blog posts as we progress. This Scrum process will not be effective unless it is combined with certain roles and artifacts.
