Software Engineering, Project Management, and Effectiveness
Why do people resist change, even when it's for their own good? Your own body can work against you. If you know how your body works, you're better prepared to making key changes. David Rock and Jeffrey Schwartz write about two reasons that work against you, in their article, "The Neuroscience of Leadership", in "strategy+business" magazine. I've summarized my key learnings in this post.
Two Reasons Why People Resist Change
Attention EffortTrying to change a hard-wired habit requires a lot of effort, in the form of attention. Your routine activities and tasks are handled by your basal ganglia which don't require conscious thought. When try to switch from a routine activity or task to new approach, it requires your prefrontal cortex. The prefrontal cortex supports higher-level processing. It's your working memory. The problem is, your prefrontal cortex fatigues easily and can only hold a limited set of information "online" at a time.
Habits like how you sell ideas, run a meeting, manage others and communicate are comfortable routines. You could do them blindfolded. Theses routines are handled by your basal ganglia. It requires a lot of effort in terms of attention to change them. Many people find this feeling uncomfortable. See Working Memory vs. Routine Activity.
Errors Between Expectation and ActualityChange triggers "error" responses. An error response is when you perceive a difference between expectation and actuality. Your error responses are generated by your orbital frontal cortex. Your orbital frontal cortex responds to errors in expectations (e.g. you expect something to be sweet, but it tastes salty). It is closely connected to your amygdala. Your amygdala is your fear circuitry. It's where the amygdala hijack happens. The amygdala hijack is the sudden and overwhelming fear or anger response.
The amygdala and the orbital frontal cortex are among the oldest parts of the mammal brain. When they are activated, they draw metabolic energy away from the prefrontal region, which supports higher intellectual functions. You're in fight-or-flight mode.
What this means is that while you're trying to make a change, and you need your higher-level processing (prefrontal region) to make that change, you're busy reacting in your orbital frontal cortex and amygdala, while they are starving your prefrontal region.
Key Take AwaysHere's my key take aways
My Related Posts
Where does the world's best insight come from? Yourself. Sure, somebody can lead you along, but it has to be your lightbulb that goes off. You are your most important change agent. Nobody can just hand you a bucket of brilliant conclusions and expect meaningful change. David Rock and Jeffrey Schwartz write about why moments of insight need to be generated from within, in their article, "The Neuroscience of Leadership", in "strategy+business" magazine.
2 Reasons to Help Others Come to Their Own InsightsRock and Schwartz write:
"For insights to be useful, they need to be generated from wihin, not given to individuals as conclusions. This is true for several reasons. First, people will experience the adrenaline-like rush of insight only if they go through the process of making connections themselves. The moment os insight is well known to be a positive and energizing experience. The rush of energy may be central to facilitating change: It helps fight against the internal (and external) forces trying to keep change from occurring, including the fear response of the amygdala.
Second, neural networks are influenced moment to moment by genes, experiences, and varying patterns of attention. Although all people have some broad functions in common, in truth everyone has a unique brain architecture. Human brains are so complex and invidual that there is little point in trying to work out how another person ought to reorganize his or her thinking. It is far more effective and efficient to help others come to their own insights. Accomplishing this feat requires self-observation. Adam Smith, in his 1759 masterpiece The Theory of Moral Sentiments, referred to this as being 'the spectators of our own behaviors.'"
Attention Density Shapes IdentityRock and Schwartz write:
"The term attention density is increasingly used to define the amount of attention paid to a particular mental experience over a specific time. The greater the concentration on a specific idea or mental experience, the higher the attention density. In quantum physics terms, attention density brings the QZE into play and causes new brain circuitry to be stabilized and thus developed. With enough attention density, indvidual thoughts and acts of the mind can become an intrinsic part of an indvidual's identity: who one is, how one perceives the world, and how one's brain works. The neuroscientist's term for this self-directed neuroplasticity."
Key Take AwaysHere's my key take aways:
How much do your expectations shape what you get? A lot. David Rock and Jeffrey Schwartz write about how your expectations and attitude play a larger role in your perception than previously understood in their article, "The Neuroscience of Leadership", in "strategy+business" magazine.
Mental Maps Play a Big RoleRock and Schwartz write:"Cognitive scientists are finding that people's mental maps, their theories, expectations and attitudes, play a more central role in human perception than was previously understood. This can well be demonstrated by the placebo effect. Tell people they have been administered a pain-reducing agent and they experience a marked and systematic reduction in pain, despite the fact that they have received a completely inert substance, a sugar pill."
You Get What You Expect Rock and Schwartz write:
"The fact that our expectations, whether conscious or buried in our deeper brain centers, can play such a large role in perception has significant implications. Two individuals working on the same customer service telephone line could hold different mental maps of the same customer. The first, seeing customers only as troubled children, would hear only complaints that needed to be allayed; the second, seeing them as busy but intelligent professionals, would hear valuable suggestions for improving product or service."
Cultivate Moments of InsightRock and Schwartz write:
"How, then, would you go about facilitating change? The impact of mental maps suggests that one way to start is by cultivating moments of insight. Large-scale behavior change requires a large-scale change in mental maps. This in turn requires some kind of events or experience that allows people to provoke themselves, in effect, to change their attitudes and expressions more quickly and dramatically than they normally would."
Individuals Have to "Own" Their ChangeRock and Schwartz write:
"That is why employees need to "own" any kind of change initiative for it to be successful. The help-desk clerk who sees customers as children won't change the way he or she listens without a moment of insight in which his or her mental maps shift to seeing customers as experts. Leaders wanting to change the way people think or behave should learn to recognize, encourage, and deepen their team's insights."
Key Take AwaysHere's my key take aways:
You might have heard the expression, "you get what you focus on." But, have you heard that what you focus on actually reshapes your brain? The act of paying attention creates chemical and physical changes in your brain. David Rock and Jeffrey Schwartz write about how focused attention can physically change the structure of your brain in their article, "The Neuroscience of Leadership", in "strategy+business" magazine.
Reshaping the Patterns of Your Brain Rock and Schwartz write the following"
"Concentrating attention on your mental experience, whether a thought, an insight, a picture in your mind's eye, or a fear, maintains the brain state arising in association with that experience. Over time, paying enough attention to any specific brain connections keeps the relevant circuitry open and dynamically alive. These circuits can then eventually become not just chemical links but stable, physical changes in the brain's structure.
Attention continually reshapes the patterns of the brain. Among the implications: People who practice a specialty every day literally think differently, through different sets of connections, than do people who don't practice the specialty. In business, professionals in different functions - finance, operations, legal, research, and development, marketing, design and human resources - have physiological differences that prevent them from seeing the world the same way."
Key Take AwaysI know I think differently based on the job I do everyday, if I compare how I solved problems in the past. Building prescriptive guidance forces me to be a continuous student of principles, patterns, and practices.
I never thought about whether my daily job created structural changes in my brain. However, now that I think about it, I remember that a colleague told me long ago that if you measure the brain activity between an expert and novice, that the expert would traverse way more connections, and it could actually take the expert longer to solve problems (more paths to check.)
The real question now is, am I missing out on any key thought patterns or capabilities because of the way my brain gets trained?
Why do many leadership efforts and organizational change initiatives fail? Are there any new insights that might shape new management practices? David Rock and Jeffrey Schwartz summarize some counterintuitive conclusions in their article, "The Neuroscience of Leadership", in "strategy+business" magazine.
Leading and Influencing Mindful ChangeRock and Schwartz write the following:
"Managers who understand the recent breakthroughs in cognitive science can lead and influence mindful change: organizational transformation that takes into account the physiological nature of the brain, and the ways in which it predisposes people to resist some forms of leadership and accept others. this does not imply that management - of change or anything else - is a science. There is a great deal of art and craft in it. But several conclusions about organizational change can be drawn that make the art and craft far more effective. These conclusions would have been considered counterintuitive or downright wrong only a few years ago."
Counterintuitive ConclusionsRock and Schwartz identify the following conclusions:
Key Take AwaysI'm not actually surprised by the conclusions. I see these conclusions show up in my day to day at Microsoft. If I were to distill the most important points, I think they are:
Have you ever wondered why some things you can do on "auto-pilot" or without thinking, while other tasks are mentally draining? Your thoughtful tasks are using your working memory (prefrontal context), while your repetitive, familiar and routine activities are using your basal ganglia, which doesn't require conscious thought.
Prefrontal Cortex and Basal Ganglia David Rock and Jeffrey Schwartz summarize the prefrontal cortex and basal ganglia in their article, "The Neuroscience of Leadership", in "strategy+business" magazine:
ExampleYou can relate to this using driving a car as an example. When you first learn to drive a stick shift, it's a lot of thinking and processing. You're using a lot of your working memory (prefrontal cortex.) Once you get enough practice, it becomes a habit and you no longer have to think about your driving. At that point, you've baked the routines into your basal ganglia.
How To Use ThisYou can apply this in three ways: First, when you're learning something new, chunk it up so your working memory can handle it. Second, when you are getting overloaded, consider creating a checklist so you can "dump" your working memory. Third, when you are learning a new task and it feels awkward, rather than get frustrated, remind yourself that you're dealing with prefrontal cortex and you haven't move it to your basal ganglia yet.
Here's a quick rundown of my take on key trends. Trends are different from fads since they're longer-lasting and more pervasive. I don't have a crystal ball or a magic 8-ball, but I have 20/20 hindsight with the customers I work with and an eye for patterns. Last year, I saw more virtualization, more agile/scrum adoption, and more distributed collaboration, as well as adoption of more social software practices in the Enterprise.
Key Trends Here's a quick list of trends I'm paying attention to (some more pervasive than others) ...
Key Links for Predictions and Trends for 2008Here's a few links I found useful:
Quick TipOne quick tip for your trend studies -- knowing demographics helps and consumer trends tend to lead other markets so they're a good place to look. It also helps to understand the Four Stages of Market Maturity to help rationalize why you see what you see. The real value of trend watching though is anticipating and taking action, even if it just means being prepared versus surprised.
Happy New Year! It's a new year and many of you will be setting new goals for yourself as part of your New Year's resolutions. I want to give you an important nugget you can use when you implement your goals and start to face some potential discomfort or pain. This insight may be exactly what you need if you've ever failed at changing a habit or meeting your goals in the past.
Creating New Habits and Reducing Friction in Your GoalsI actually wasn't sure whether to title this post with "catch yourself in the act," "reward yourself in the moment", or "how to change a habit" but I think "reward yourself in the moment" is a simple enough rule to remember and it's more precise. The key point is to reward yourself in the moment. If you do so, you can actually rewire your associations of pleasure to a task you don't typically enjoy. It has to be "in the moment" when you are actually "feeling" the pain. The very precise point is that it's in the moment versus after the fact. "Timing" and "feeling" are the keys.
We're Creatures of Habits That "Feel" GoodHow many habits do you have that you don't enjoy? I don't mean a habit that's not good for you. I mean, are your habits things that make you feel good or things that make you feel bad ... in the moment? I bet that most of your habits you have, make you feel good and you do them for exactly that reason. It's in the moment. (You might feel bad afterwards or you might "think" the habits are bad, but you "feel" good while you actually do them)
"Thinking" vs. "Feeling" AssociationsWhen I was younger, I didn't understood why you had to catch the dog while they are in the act of making a mess, and not after the fact. I knew the rule, but I didn't get how important the timing was. It's because you have to associate negative in the exact moment of "feeling." It's also why immediately rewarding your dog with a snack when they show good behavior has a powerful effect. Unless your dog is Scooby Doo, it isn't going to reflect (think) on its behavior. They are simply responding to feelings from one moment to the next. They'll move toward pleasure and away from pain. If you punish or reward them after the act, it's too late.
Reward in the Moment, Not After the FactHere's an example I heard where this finally hit home for me. In this example, you want your kid to clean their room, but they want to go out and play. You tell them they can go out to play when they are done. However, they "feel" pain the entire time while they are cleaning their room. They internalize hating it. The promise of playing when they are done doesn't help. They still hate how it "feels." What happens when you step in and sincerely thank them *while they are doing it*? They "feel" good and now associate pleasure while cleaning their room (assuming you showed them appreciation in a way that resonates for them.)
How You Can Apply ItYou can use this insight on a daily basis to reduce friction and find the joy in tasks you normally hate. The key is to find ways to enjoy how something "feels" when you normally don't, while it's in the moment, not after the fact. You'll get better at this, once you figure out your own reward patterns, so it's a skill that gets easier over time. Since it's a little bit of thoughtful work, don't overload yourself. Just pick a few things that hold you back the most and work on those first. The challenge with this is that you have to figure out your personal reward system. The upside is, your the best person to know what you like and don't.
You can actually game yourself to enjoy some things that you normally don't. Here's how I applied this to my workouts when I was "feeling" the pain. When I realized that the pain was growth, I suddenly "felt" differently about the "pain" and it became pleasure. I didn't just "think" differently; I "felt" differently about it (your thoughts create your feelings.) I also make it a habit to play my favorite music so I associate pleasure in the moment. This is an important distinction. It's why promises of rewards at the end of the month don't work. It's disconnected from "in the moment."
On the job, I try to catch people in the moment, and show appreciation "in the moment," particularly when they are performing a task they don't enjoy. A little appreciation, at the right time, goes a long way.
How Not to Reward YourselfI'll use the principle of contrast to show how NOT to reward yourself. Let's say you want to drop 10 pounds this month. One way is to tell yourself you will reward yourself by going to your favorite restaurant when you are done. Well, you might give yourself motivation, but you haven't changed how you feel when you workout. If you don't find a way to enjoy your workout, then you may eventually give up.
Chunk It DownFind a way to enjoy all the friction points you feel along the way. If you work out in the morning, this includes finding a way to enjoy getting out of bed. Sure this takes some thought and preparation up front, but eventually you'll not only get used to your routine, you will enjoy it. We're creatures of habit. In this case, you're building good habits that you'll keep up simply because you'll enjoy them. How many habits do you keep up that you really don't enjoy?
Best Wishes on Meeting Your GoalsBest wishes on meeting your goals and changing your habits in the New Year. I hope you find this nugget of insight helpful and use it as another tool for your personal effectiveness.
You can tell the maturity of a market by the consumer patterns. If you know the life cycle stages of a market you can better anticipate what level of "needs" your product needs to match to be successful. (I always think of needs in stages like Maslow's hierarchy.)
The Four Stages of Market Maturity
From Survival to CustomizationIn the Autumn Special Edition of "strategy+business" magazine, Alonso Martinez and Ronald Haddock describe how a country evolves from developing nation to industrialized nation:
"As a country evolves from developing nation to indusrialized nation, the population's basic needs pass through four distinct stages. In developing countries, most of hte population is preocupied with basic survival - obtaining adequate food, shelter, and clothing. (Much of sub-Saharan Africa is in the stage right now.) As a middle class emerges, people seek greater quality in their food, housing, and clothing (This is currently happening, for example, in much of China and India.) Once a transitioning market's population can afford relatively high quality, they begin to seek convenience; they buy time-saving appliances and processed foods, and they may move closer to work. (This stage is emerging today in Eastern Europ and Latin America.) Finally, as the market graduates into the realm of developed nations, the population wants customization; with needs for survival, quality, and convenience now met, people will spend a premium (as many do in North America, Japan, and western Europe) to satisfy individual tastes and desires."
Key Take AwaysI think to successfully anticipate global market needs, you need to understand where in the stack, various consumers are. I've noticed a lot more attention on customization, particularly in social software and personal devices.
I read an interesting article on behavioral economics by Harry Quarls, Thomas Pernsteine, and Kasturi Rangan, in "strategy+business" magazine. According to the authors, behavioral finance supports a counter-intuitive strategy of loving your market "dogs" (underperformers) over your stars. They pose a few questions up front:
Conventional Approach is Stars Over Dogs Quarls, Pernsteine, and Rangan write:
"In the course of maximizing shareholder value, senior executives routinely face decisions about which of their companies' businesses should be nurtured, which should be starved, and which should be sold. The typical strategy is to invest more heavily in the 'stars' that are earning superior returns on capital, while starting or selling the underperforming 'dogs' This is the conventional approach in corporate finance and has become so ingrained in corporate finance and has become so ingrained in management practice that it is almost impossible to question it."
Way to Thrive is Love Your Dogs Quarls, Pernsteine, and Rangan write:
"There is, in fact, reason to believe that the conventional wisdom is wrong. Corporate managers often rely on accounting metrics to make business decisions. However, these metrics are based on past performance; the market is interested only in the future. And past performance is generally a poor predictor of the future. Thus, when performance is assessed over time, greater shareholder value can be created by improving the operations of the company's worst-performing business. The way to thrive is to love your dogs.
Just as some fund managers earn superior returns by identifying and buying undervalued 'market dogs' - better known as value stocks - corporate leadership can learn to identify 'value assets,' hold and nurture them, and produce superior performance. This in turn will ultimately lead to an increase in shareholder value."
3 Messages for Corporate Leaders Quarls, Pernsteine, and Rangan have three messages for corporate leaders:
Key Take AwaysI think there's several interesting points.
Personal DevelopmentTo sanity check ideas, I like to test them against personal development concepts. It can help quickly put things in perspective. For example, should you invest more in your star skills or improve your dogs? Conventional wisdom to go from good to great is work on your star skills. However, a liability can hold you back (think in terms of Kano -- a dissatisfier can really undermine all your satisfiers.) But, what if you have a few skills that are diamonds in the rough, or what if there's a good chance of downstream market demand?
Project ManagementI manage a portfolio of results, so I also like to test ideas against project management practices. For me, I tend to use a few key factors around deciding where to spend energy and time:
From a dog and star standpoint, I like to count on my stars, but I experiment with a lot of dogs, since the rate of failure is pretty high, but it's the future of the dogs that help me stay adaptable over getting overly adapted. Put it another way, what got me here today, won't get me there tomorrow.
If you're looking for yet another way to help you prioritize your backlog or to help you shape your product's design, consider the Kano model. One concept in the Kano model is satisfiers and dissatisfiers. You can think of satisfiers as features you might ask for. You can think of a dissatisfier as an unmet need. It's something you wouldn't necessarily ask for (latent need.) You just expect it. It's absence is a dissatisfier.
ExamplesHere's a few examples:
Key PointsHere's the keys:
My Relates Posts
Routines help build efficiency and effectiveness. Consistent action over time is the key to real results. If you add continuous improvement or Kaizen to the picture, you have an unbeatable recipe for success. The following are some of my rituals for results:
Try the ones you like. Experiment with the ones you don't. You might get surprised. As Tony would put it, "If you do what you've always done, you'll get what you've always gotten". Adopt a growth mind-set over a fixed mind-set. I'd be interested in hearing success stories or your favorite rituals for results -- what techniques have personally served you well?
Do you have a favorite set of forcing functions? In patterns & practices, one of our forcing functions is building a slide deck. Building a deck is a forcing function because it forces us to distill the points, close down on issues, identify what we know, don't know and need to know next in a fairly constrained way. It helps to balance our elaboration on certain issues.
I like to use blog posts as a forcing function. There's plenty of topics I could write books on, but I like using a post as a forcing function to chunk something down into a nugget of insight, or a collection of nuggets of insight.
Kaizen is a Japanese term for continuous improvement. A little Kaizen goes a long way over time. From a personal development standoint, it's key for overcoming resistance.
Book building is art and science. I've built a few books over the years at patterns & practices. In this post, I'll share a behind the scenes look at what it takes to do so. I'll save the project management piece for another day, and focus on the core of book building.
Book ExamplesBefore we get into the details, here's a quick look at my past books:
If you're familiar with the books, particularly Improving Web Application Security and Improving .NET Application Performance and Scalability, you'll know that the books aren't like typical books. They're optimized to be executed rather than read. The expectation is you'll use them to improve your effectiveness on the job. That's why you can get the books in the bookstore, online or in Visual Studio ... in print, PDF or HTML.
Competitive AssessmentsThe books are targeted at real-world problems and real-world solutions. They've been used for competitive assessments:
Book ApproachAt a high-level, you can think of the approach in five main workstreams:
It's a "test-driven" approach, meaning we start with tests (questions and tasks) that our prescriptive guidance needs to pass. The bulk of the work is building "nuggets" that can be used standalone. We then assemble an end-to-end guide. Throughout the process we verify with test cases, lab repros, internal and external reviews, both with subject matter experts and every day users.
Researching and Analysis This workstream is about getting clarity on the problem space. It includes:
For more information on researching, see my related posts: Analyzing a Problem Space and How To Research Efficiently.
Designing This workstream is an iterative process of spiraling down on solutions. It includes:
For more information, see my related posts: Guidance 2.0, Scenarios in Practice, Scenario Frames for Guidance, and Driver's Guide vs. Owner's Manual.
BuildingThis workstream is where we do the bulk of our solution engineering. It includes:
TestingThis workstream is about verifying the solutions from both a technical and user experience perspective. It includes:
For more information, see my related post: Test-Driven Guidance.
Release This workstream is about making the guidance customer available. It's incremental, iterative and we stabilize over time. it includes:
Keep in mind that it's a stabilization process over time of various form factors and channels. We do our agile guidance on CodePlex, then stabilize and port to MSDN and a book when we're baked. For more information, see my related post CodePlex, GE and MSDN.
Key ConceptsI walked through the process first so that you have a good idea of the end-to-end approach. Here I'll highlight some of the key concepts that underlie my approach:
FeedbackHow do you build books? If you have thoughts, questions or feedback on my book building approach, feel free to share them here or drop me a mail. While this approach has been proven effective over time, there's always room for improvement. I'd like to hear what works for you. If you're a fellow book builder, please share your approach.
One of the questions I get is how we build and publish our guides and what's the relationship of CodePlex, GE and MSDN. At a high-level, we build reusable guidance nuggets for customer questions and tasks. We then build a larger guide to bring the nuggets together into a story. Together, this gives us both a knowledge base of nuggets and a series of guides. We can incrementally deliver value, refactor as appropriate, and respond to changing needs.
Bird's-Eye View of Agile Guidance EngineeringYou can think of our approach as progressive rendering of solutions (incrementally sharing and stabilizing.)
From CodePlex to MSDNAs we build guidance modules, we publish them to GE and CodePlex. GE lets you, the user, build more relevant views or tailor the nuggets to your own needs. CodePlex gives us a place to experiment with views and get direct user feedback, while we vet the guidance.
Once we're stable, we do a focused, batch effort to port to MSDN. MSDN gives us a bunch more channels and hooks including integration in Visual Studio / Visual Studio Team System.
There's much more to the story, so if there's interest, I'll share a behind the scenes look at how we build books.
My Related Posts
What's one path the SDL (Security Development Life Cycle) can take to amplify impact? From my perspective, I think the key is specialization for app types and verticals. I base this on lessons learned from shaping prescriptive guidance over the years, the market trend for specialization, and what I learned doing competitive assessments. I also know the enormous difference that getting specific can make (for example, our original patterns & practices threat modeling was one-size fits all -- now we shape it based on app type. This lets us integrate more precise "building codes," patterns, and recommendations.)
Conceptual Framework / Mental ModelHere's a strawman I put together of a conceptual model to paint the possibilities.
App TypesImagine app-type specific prescriptive guidance, services, tooling, process ...
VerticalsImagine SDL for verticals ...
Key AssetsMy take on what the various parties bring to the table ...
While it requires a bit of coordination and focus in key areas, I think it's both technically feasible and would deliver a ton of customer value. The sum is better than the parts. Thoughts?
Threat Modeling is a way to identify potential security issues to help you shape your application's security design. If you need to create a threat model, and you aren't sure how, here's some links to get you started. (Note that our patterns & practices threat modeling approach is adaptable for agile scenarios. In fact, our dominant set of customers we tested our approach with were using agile methodologies. I'll cover doing agile security another day. )
This is an oldie but a goodie. Alex (from our original team) walks through our patterns & practices Security Engineering Approach. I knew the video exists, but I had a hard time finding it again so I'm posting the link here.
Key ChangesA few things have changed since our original video:
If you have to compete for resources or budget or sell an idea, one of the keys is a business case. One way to think of a business case is "how big is the pie" and "what's your slice." You use the business case either to argue for your project or in argument against other projects competing for the same resources and budget.
The Three Keys of a Business CaseBecause the business case is such a critical piece of the project puzzle, I asked one of my mentors for their take on an effective business case. Here's the keys:
The Fourth KeyMy mentor was on a roll and added an additional key:
4. Risk / reward "options." The key is to be able to chunk down the value or the risk into an acceptable size (right-size the risk.) For example "I like your idea, but it's too big a chunk to bite off."
How do you design an org? While there's lots of approaches, one of my mentors shared the 5 Ps approach with me. To think about the org, you need to enumerate the 5 Ps to define the organization, the type of talent you need, overall organizational competencies, culture, etc. If you don't know what you're trying to do, you don't know who to hire.
The Five P'sThe 5 P's are:
It's one thing to get results. It's another to articulate them. Having a way to frame results can help both for personal learning, as well as review time when you have to reflect on accomplishments.
Commitment, Results, How, Evidence, Analysis
I've found framing results by listing the commitment, the results, the how, the evidence and the analysis to be pretty effective over the years. I'm a fan of concrete examples, so here's an example:
One of the key experiences you get with Guidance Explorer (GE) is support for manual security inspections. We call them inspections versus reviews because we inspect against specific criteria. We supply you with a starter set of inspection questions, but you can tailor them or add your own.
Security Code InspectionWe use three distinct types of inspections: design, code and deployment. For this example, we'll use Guidance Explorer to do a security code inspection of an ASP.NET application.
Summary of Steps
Step 1. Create a new View. In this step, you add a new view to My Views. To do so, in GE, right-click, My Views, and add a new View. You can name your View whatever you like, but for this example, I'll name mine "Security Code Inspection."
Step 2. Add inspection questions to your view.In this step, you add relevant security inspection questions. To do so, in GE, click the patterns & practices Library, next click Security, next click Security Engineering, next click Code Inspections. Expand the ASP.NET 2.0 set of security inspection questions.
For this example, drag and drop the questions from the following categories: Input and Data Validation, Forms Authentication, and SQL Injection. This will give you a nice focused set of questions to drive your inspection.
Step 3. Save your View to Word.In this step, you save your View as a Word doc. To do so, right-click your view (e.g. "Security Code Inspection") and click Save Vew as .... Name your doc (e.g. "My Security Code Inspection.doc") and click Save.
You just built your own security code inspection set!
Extending and ExploringThere's a lot of exploring you can do and ways you can extend:
Share Your StoriesI'm sure you're bound to have stories. If you haven't done security code inspections before, you're in for a treat. Security Code Inspections are a proven practice. While the criteria and context may vary, the technique pretty much remains the same. Share your stories either in this post or send email to firstname.lastname@example.org.
This is a significant release for Guidance Explorer (GE). Our online "guidance store" is now hosted on MSDN. To take advantage of this, you need to download the new version of Guidance Explorer (release 20071206)
What Is the Guidance StoreOur guidance store is a catalog of reusable guidance nuggets for helping you build applications. The catalog is organized by the following:
At a high-level, you can think of the catalog as a collection of application scenarios, "building codes" and engineering practices.
What is Guidance ExplorerGuidance Explorer is a smart client application that talks to the Guidance Store over a Web service. You can use GE to create, organize and share your favorite guidance nuggets.
Key Usage ScenariosThe key usage scenarios are:
To put it another way, you can use GE to slice and dice the patterns & practices catalog, tailor the guidance, or build your own guidance.
What's New in the Latest ReleaseWhat you can expect in Guidance Explorer version 20071206:
How's that for guidance as a service? (Personally, I think the next step is relevant guidance feeds for guidance mash up scenarios.)
When you run GE the first time, let it synch for about 10 minutes. It's downloading more than 3,000 items from our catalog.
Test Driving Guidance ExplorerHere's a few of the first things to try