Software Engineering, Project Management, and Effectiveness
Building guidance takes a lot of research. Over the years, I've learned how to do this faster and easier. One of the most important things I do is setup my folders (whether file system or Groove)
I use this approach whether I'm doing personal learning or building 1200+ page guides. This approach helps me spend more time researching and less time figuring out where to put the information.
My Related Posts
Today we released our Beta 1 of Performance Testing Guidance for Web Applications Guide. It shows you an end-to-end approach for implementing performance testing, based on lessons learned from applied use in customer scenarios. Whether you're new to performance testing or looking for ways to improve your current approach, you'll find insights you can use.
Contents at a Glance
About Our Team
Today we released our Beta 1 of Team Development with Visual Studio Team Foundation Server Guide. It's our Microsoft playbook for TFS. This is our guide to help show you how to make the most of Team Foundation Server. It's a distillation of many lessons learned. It's a collaborative effort among product team members, field, industry experts, MVPs, and customers.
About Our Team
Contributors and ReviewersHere's our contributors and reviewers so far:
I'm a fan of using different techniques for improving thinking. Here's a write-up on Six Thinking Hats. This book presents a simple and effective thinking framework. What I like about the approach is that it's both effective for individuals as well as a team. What I also like about the approach is that rather than focus on trying to change personalities, it creates a way for different personalities to play well together. Imagine the time you'll save in meetings!
Because Six Thinking Hats uses the hats as a metaphor, nobody gets a label. Instead, the entire team can put on the relevant hat for the task at hand: white, red, black, yellow, green, or blue. Imagine the surprises you get when the dominantly data-driven put on their green hats and get creative. Better yet, imagine what happens when the overly optimistic put on their black hats and play the "devil's advocate"?
What's interesting is this type of mode switching already happens. For example, in security we use white hats and black hats. On my team, I often ask, "what's your gut say" to tap into intuition and emotions. If I see the team too optimisitic, I ask "why won't this work?".
I think having a simple set of metaphorical hats and rules for the game will really help improve thinking and collaboration, and avoid the stale-mates that can often happen in meetings. As the author puts it, you "think your way forward versus judge your way forward."
Darren asks Which Feed Reader is Best? I was going to just add a comment, but it quickly turned into a post.
I've used Bloglines, Google.com, Google Reader, Live.com, Newzie, OMEA Reader, and RSS Bandit. I know I've used more that I'm forgetting. They all have their strengths and weaknesses, so finding the right match for my scenarios is the key. They all seem to continue to improve, so I find I also have to go back and re-evaluate from time to time.
For the rich desktop experience, I ended up using Newzie. Rob pointed me to it and I know he does a lot of feed reading and he too had tried a lot of readers. What's interesting about Newzie is its use of color-coding to flag by time. I also like the fact that it has multiple views, including a tree view, list view, news ticker view, and a today view.
For my "webtop" experience, I end up mostly using Live.com so I could get to my feeds from any desktop. I created pages for different topics. This lets me chunk up my reading experience and never get overwhelmed. The nice thing about a page view is it's easy to scan across.
When I help somebody get started reading feeds, if they have a Windows Live account, then I show them how to add pages and add feeds to Live.com, since I don't think it's obvious. If they don't have a Windows Live account, then I have them download Newzie and help them add a few posts of their favorite topic, and then show them how to swtich views.
My Related Posts
I was skimming The Secrets of Consulting and I came across this nugget:
“...Many years ago, Sir Ronald Fisher noted that every biological system had to face the problem of present versus future, and that the future was always less certain than the present. To survive, a species had to do well today, but not so well that it didn’t allow for possible change tomorrow. His Fundamental Theorem of Natural Selection said that the more adapted an organism was to present conditions, the less adaptable it tended to be to unknown future conditions. We can apply the theorem to individuals, small groups of people, large organizations, organizations of people and machines, and even complex systems of machinery, and can generalize it as follows: The better adapted you are, the less adaptable you tend to be...”Source: Gerald M. Weinberg, The Secrets of Consulting (New York, Dorset House Publishing, 1985) pp 29-30
Along the same lines, I was scanning Lean Software Engineering and came across this nugget:
"... When it comes to large-scale, creative engineering, the right processes for all the various teams in an organization depends on both people and situation — both of which are constantly changing. You can’t just adopt a particular process and be done with it. So really the only “bad process” is one that doesn’t provide framework to reflect and permission to adapt..." Source: Avoid Dogma When Herding Cats
This reminded me of a quote from Hereclitus - "Nothing endures but change."
I'm a fan of adaptability and continuous improvement. I think adaptability is a key ingredient for effectiveness. I always reflect on and test how adaptable is my mindset? ... my approach? ... my tools? ... my teams? ... my organization? ... my company? ... etc.
Ron talks security with Alik in ARCast.net - Defending the Application. If you want to hear some practical advice on security, listen to Alik. He's in the field doing security every day with customers. It doesn't get anymore real-world than that.
The key take-away for me is the focus on proven practices. I have a belief that focusing on a set of core practices is more effective than chasing all the variations of bad symptoms. For example, if you adopt a practice of constraining, rejecting and sanitizing input, and you verify input for length, range, format and type, you tackle injection issues (cross-site scripting, SQL injection, SQL truncation ... etc.) at the source.
At one point in the interview, Ron mentions that attackers share information all the time. Unfortunately, security is a game of what you don't know can hurt you. That's why I think community efforts and knowledge bases are a must. I'm glad to see more information sharing in blogs. I'm also glad to see efforts like the Open Web Application Security Project (OWASP). It's also why I try to share as much as possible through patterns & practices security guidance, Guidance Explorer, and SecurityGuidanceShare.com.
Per Vonge Nielsen is blogging! He's been my manager for several years at patterns and practices. He's also been a mentor for myself and many others, so it's great to see him share his learnings more broadly. Per has a way of distilling information down into the essential insights, which is a treat in today's information overloaded world.
Enjoy Per's first post - Divide and Conquer – one step at a time.
SecurityGuidanceShare.com is an experiment. I'm testing different ways to maintain and share a large body of guidance. I'm also exploring ways to factor and maintain a comprehensive set of more stable principles and practices, while dealing with more volatile, technology-specific information.
I'd like your feedback on
My two favorite features:
Comment here or send mail to SecNet.
Are you experiencing anxiousness, self-doubt or guilt? It might not be your fault. A parasite might be controlling your mind. Jason explains how in Mind Control and the Friendly Mouse.
I've worked with Jason for a few years from building software to writing guidance. He's fast and effective. We regularly swap techniques for getting results. He's got a gift for distilling insights into action. He shares that gift in his blog.
Check out Jason Taylor's blog - The Good Life, to learn:
You can also use his blog to learn how to recover from repetitive stress injuries.
Jason's currently working with me and Prashant on the patterns & practices Visual Studio Team System Guidance project.
Mark Tomlinson shared an emerging industry practice with me. Customers are setting up incremental environments. The environments are incremental steps from a developer environment to production. Incremental Environments
There's no strict rule for how many of each type of environment, and the most sohpisticated setup has multiple physical environments/labs which could be used for any of each purpose. The beauty of this approach is that instead of having a great big wall to throw your application over, it's a series of incremental hurdles. Each hurdle represents increasing requirements and constraints. This approach is also great for Centers of Excellence. A Center of Excellence team can build the environment to reflect and codify their practices. The Center of Excellence team can also harvest and share the lessons learned to help teams over each incremental step.
To engineer for performance, you need to embed a performance culture in your development life cycle, and you need a methodology. When you use a methodology, you know where to start, how to proceed, and when you are finished.
Keys to Performance EngineeringThese are fundamental concepts to performance engineering:
High ROI TechniquesThese are some of the most effective techniques we use to directly impact performance results:
More InformationYou can find more about the concepts above at:
I'm jazzed to see Corey and Bernie on the blog scene. They're partners in crime on a Lean Software Engineering blog. They have real advice for real people doing software.
Why listen to what Corey and Bernie have to say? They know what they're talking about from experience. They have the knowledge that can turn your software engineering around, if you need it. A lot of what they know, is not well known (or at least not applied), so their blog is something of a gateway to a world of better software engineering.
Whether you shape software, build it, or manage it, you'll find insights you can use. Here's some of the things you'll learn:
I don't think our patterns & practices Security Engineering Explained guide is very findable, so I'm blogging it. This could very well be the short guide that forever changes how you do security engineering. The techniques in the guide are timeless and time-tested.
It's not a complicated methodology. Instead, it's a set of techniques that have proven to be the most valuable. How do we know? Customer case after customer case.
Incremental AdoptionThe beauty of this approach is that you don't have to adopt them all at once. You can pick and choose the technique you see fits your software life style. Here's some examples:
(Sorry - we don't have a set of patterns & practices guidance on performing specific security testing techniques at this time, though I think it's important and I have done some R&D projects in this area.)
It's worth pointing out that the security techniques baked into Visual Studio Team System use our security engineering approach. For example, you'll find our threat modeling templates in the MSF Agile and MSF for CMMI process guidance.
How to Get the Guidance
TeamHere's members of the original team that have blogs: