Application Security Testing: An Integral Part of DevOps
This article is based on Chapter 4 of Becoming Agile by Gregory S. Smith.
A few months ago I was contacted by a friend with a problem. The year was coming to an end and he had let a compliance project slip through the cracks. The compliance deadline was year end, which was a mere five weeks away. Failure to comply could mean serious government repercussions for his company. My friend asked for help in creating an Agile team and doing an Agile project in the following five weeks.
This would be a great time to tout how Agile came in and saved the day, but that would be a lie. I did help my friend prioritize his work and make the deadline, and we did follow some Agile principles along the way, but we did not put an Agile team or process in place.
Why didn't we put an Agile team in place and follow an Agile framework? Because it takes time. Teams need time to feel comfortable with Agile processes and they need time to learn how to interact with each other. Managers need time to learn how to lead in an Agile environment. The team needs to use an Agile process for several months before major benefits begin to manifest.
Migrating to Agile is more than changing your process. It also requires a change in culture. For most companies, changing culture is the most difficult part. I believe this is true for several reasons. Here are a few:
- Whether successful or not, companies get comfortable with their processes.
- Many people still believe requirements change because they are poorly managed. They cannot comprehend a process that embraces change.
- Most managers have been trained to control events. Empowering the development team to deliver and own the project is not intuitive or logical.
- Job protection. In larger companies, whole groups are dedicated to regulating and overseeing projects. An Agile team has less need for these services.
There are numerous other reasons, but I believe these are at the center of the issue.
These issues should be addressed in two ways. First, you want to address the cultural needs of each group head-on. We will do that by laying out a game plan for obtaining support from line management, the team, the individual, and executive management.
IF YOU WORK IN A SMALLER COMPANY
If you are in a smaller company, you may not have all of the possible organizational levels. That is a good thing. You should find it easier to create an Agile culture because you are fighting your competition on a daily basis. You will obtain the most value by reading the sections related to creating an Agile team and addressing the needs of the individual.
Second, you want to address this problem by establishing practices that foster an Agile culture. Practices such as high customer involvement, testing early, and collaborative decision making will promote an Agile mentality throughout the company.
Figure 1 An Agile culture is established when the 3 major groups come together within a company. Executive management endorses the Agile principles, working managers learn to coach instead of direct, and the project team understands and supports Agile principles and practices.