The Phoenix Project - Book Review Plot Summary [1] Bill is an IT manager at Parts Unlimited. It's Tuesday morning and on his drive into the office, Bill gets a call from the CEO. The company's new new IT initiative, code named Phoenix Project, is critical to the future of Parts Unlimited, but the project is massively over budget and very late. The CEO wants Bill to report directly to him and fix need to tighten up our change controls… what’s preventing us from getting there?”  “That change management tool is impossible to use. There’s a million mandatory fields and most of the time, the drop down

Open Discussion on Project Planning Planning in an Agile Environment Key Tenets  Planning should focus strongly on the near term  Eliminate waste caused by planning for eventualities that never come

Versus Buy: In a world where IT capabilities were delivered as a single “product” at the end of a project, a “product” that then only required a bit of maintenance now and then, the economics of IT delivery uncertainties are not small potential deviations from the initial plan—they are the very substance of the project. The Agile way to deal with uncertainty is to create options and then “buy” information to more worried about the schedule for delivering what they think of as FOC. The perceived risk is that the project will be “finished” late.  This, as we know, is based on the outdated idea that we define the scope

centralized planning that could then be used to set boundaries for developers when they began a project. In other words, a vehicle for control. But standardization also imposes costs by:  limiting agility possible solutions to a problem.  if we mandate that projects reuse code whenever possible, each project may have to spend time searching archives of available code to find something that is a near fit time through incremental investments.  Managing the EA asset is an art, just as all strategic management is an art. Just as the CMO must sense market opportunities, weigh tactics for communicating with

is getting in our way as we try to become Agile. This frame of reference includes the notions of project, systems, application, investment, architecture, skill set, and accountability. We have, to be honest of the term – the Enterprise Architecture. The asset view of IT will substitute for the outdated project view in my vision for what IT leadership must become. Uncertainty and Risk: Third, underlying all do things best?  What is the value of adhering to a plan that was made at the beginning of a project, when uncertainty was greatest? Business value is destroyed only when we substitute extensive planning

Development  Operations (Operational Waterfall)  Infrastructure Ops  Product Ops  Product Management  Every technology under the sun  Solaris, Windows, Linux  Apache, IIS, TCServer, etc.  Oracle, DB2, SQL Server  How we got better  We read and we studied.  Created a self-improvement project  2 week iterations, planning and demos  Put everything into a repository (configurations, scripts homogenization and assimilation – no snowflakes  Deployment methodologies, automation, monitoring, and management tested continuously. Steve Barr steve.barr@csgi.com @srbarr1 Overall Quality improvements, “it”

Security Stack enables: correlated and centralized logs, container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based This can also be used to send notifications when there is anomalous behavior. 4. Vulnerability Management 5. A service mesh proxy to connect to the service mesh 6. Zero Trust down to the container Repository (DCCSCR) https://dcar.dsop.io/ DSOP Group Workspace https://dccscr.dsop.io/dsopDCCSCR Project Page https://dccscr.dsop.io/dsop/dccscr

find and fix as part of their daily work 1. Facebook HipHop PHP compiler – resulted from hack day project. Small team refined it over 2 year period and allowed Facebook to handle 6X production load compared testing efforts – Part 6: The Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security goals Pipeline a. INTEGRATE SECURITY AND COMPLIANCE INTO CHANGE APPROVAL PROCESSES i. Effective change management recognized different risks associated with different types of changes, to be handled differently

a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and application failures occur, adding more testing could backfire, especially if the testing is at the end of a project and/or manual 1. Manual testing is slower and more tedious 2. Tends towards increasing batch sizes

 working off a single backlog of features, driven by vision and roadmap  product and release management, release planning  program psi objectives  common sprint lengths - system continuous integration  business epics  architectural epics  kanban epic system – limit WIP  program portfolio management, enterprise architect  value streams  investment themes - provide operating budgets for release