Software Engineering, Project Management, and Effectiveness
“Are you getting results? …”
Over Christmas break, I committed to finishing the writing for a book that I expect to change a lot of people's lives. It's my first non-technical book. The working title is, Getting Results the Agile Way. It's all about getting results in work and life. It's the playbook I wish somebody had given me long ago for finding work/life balance, managing time, playing to my strengths, and making the most of what I've got.
Why Getting Results The world is a tough place. Between layoffs, the economy, and simply the unknown, a lot of people are having a really tough time in their lives. There are constantly new challenges at a pace that's tough to keep up. Worse, I don't think you learn a lot of these skills in school or on the job, except through the school of hard knocks.
This is my playbook for you. For more than 10 years at Microsoft I've tested and evaluated ways to get results. I've had to find things that not only work for me, but that could work for the people I mentor inside and outside the company, as well as for large teams around the world. I'm a big believer that everybody can get great results if they have the right know-how.
What Sorts of Problems Does It Tackle The book is a system and a playbook for some of these common challenges:
It helps with a lot of things because mostly it gets you spending the right time, on the right things, with the right energy, the right way. This is the key to your best results.
My Story When I first joined Microsoft, it was sink or swim. I saw a lot of people fail. Among the chaos, I also saw many people thrive. I wanted to know their secrets. I started with people on my team, but the next thing you know I was studying success patterns around the company. If somebody was known for getting results, I hunted them down and studied their ways.
I learned so many simple things that actually worked. For example, instead of managing time, the real key is managing your energy. I'd rather have four power hours, than a week of just going through the motions. The secret of work life balance is setting up your own artificial boundaries, whether it's "dinner on the table at 5:30" or "no work on the weekends." Finding your passion can be as simple as connecting to your values. For example, I use metaphors to make my project an epic adventure and I have the team create the movie poster of what great results will look like. How's that for wanting to show up and give your best every day knowing you're working on blockbuster results?
What is Agile Results? You'll hear me talk about Agile Results quite a bit. It's the name I gave the system that serves as the foundation for the Getting Results guide. Agile is all about responding to change. It's agility in action. It's all about making progress while the world changes under your feet.
My Agile Results system borrows the best principles, patterns, and practices across a variety of disciplines from sports, positive psychology, personal productivity, Agile development, Scrum, project management, time management, leadership skills, and strengths-based development. It's more than a mash up -- I've tested and honed the system to work for individuals and teams while refining it over years of deliberate practice. To me, great results for the team, always starts with unleashing an individual’s best. Having fun is contagious and getting results spreads like a wild fire.
Agile Results in a Nutshell Here is the Agile Results system at a glance:
How to Get Started Getting started is really easy. If you write down 3 results you want for today, you're doing Agile Results. Is there more to it? … Sure, but take it at your own pace. Here’s a one-page guide for getting started with Agile Results.
How To Follow Along for the Ride You can read Getting Results for free online in HTML. I’ll continue to shape the guide over the next several weeks based on feedback. I’ll also be making March a focus on getting results so if you’ve been looking for a jumpstart for your life, this is a great month to make it happen. I’ll be sharing nuggets for getting results at my effectiveness blog, Sources of Insight.
If you're not getting the results you want in your life, you just need the skills. Use my guide to stuff your bag of tricks with some new tools that will change your game and help you unleash your best.
Why do some companies survive and thrive in the face of global competition? What do some companies do differently so they are growing and making money, having more productive employees, getting more from their investments, and having more success with their strategic initiatives?
They digitize their core processes.
In the book, Enterprise Architecture as Strategy, Jeanne Ross, Peter Weill, and David Robertson write about how to turn IT into an asset rather than a liability.
Companies that survive and thrive can execute their core operations in a reliable and efficient way. They can do so because they’ve digitized their core operations. In this way, they’ve turned their IT investment into an asset versus a liability, and they’ve achieved business agility. Ross, Weill, and Robertson write:
“We believe these companies execute better because they have a better foundation for execution. They have embedded technology in their processes so that they can efficiently and reliably execute their core operations of the company. These companies have made tough decisions about what they must execute well, and they've implemented the IT systems they need to digitize those operations. These actions have made IT an asset rather than a liability and have created a foundation for business agility.”
Digitizing your core operations can lead to higher profitability, faster time to market, and more value from IT investments. And, lower IT costs. Ross, Weill, and Robertson write:
“We surveyed 103 U.S. and European companies about their IT and IT-enabled business processes. Thirty-four percent of those companies have digitized their core processes. Relative to their competitors, these companies have higher profitability, experience a faster time to market, and get more value from their IT investments. They have better access to shared customer data, lower risk of mission-critical systems failures, and 80 percent higher senior management satisfaction with technology. Yet, companies who have digitized their core processes have 25 percent lower IT costs. These are the benefits of an effective foundation for execution.”
Some companies just don’t get it. They cut, but they don’t create value. Meanwhile, the companies that do get it, pull further ahead. Ross, Weill, and Robertson write:
“In contrast, 12 percent of the companies we studied are frittering away management attention and technology investments on a myriad of (perhaps) locally sensible projects that don't support enterprise-wide objectives. Another 48 percent of the companies are cutting waste from their IT budgets but haven't figured out how to increase value from IT. Meanwhile, a few leading-edge companies are leveraging a foundation for execution to pull further and further ahead.”
With a strong foundation for execution, you can achieve business agility and profitable growth. Ross, Weill, and Robertson write:
“As such statistics show, companies with a good foundation for execution have an increasing advantage over those that don't. In this book, we describe how to design, build, and leverage a foundation for execution. Based on survey and case study research at more than 400 companies in the United States and Europe, we provide insights, tools, and a language to help managers recognize their core operations, digitize their core to more efficiently support their strategy, and exploit their foundation for execution to achieve business agility and profitable growth.”
I’m lucky enough to be on the Enterprise Strategy team at Microsoft. A focus in Enterprise Strategy is to help a company identify their core business and IT capabilities and to pick the best opportunities to transform their business in a scenario-based way. Changes at the capability level have a ripple effect across people, process, and technology. It’s effectively the business of business transformation. The goal is to accelerate business value and help these companies survive and thrive in changing times.
Speaking of changing times, the Cloud is really a great forcing function for business transformation. More and more companies are looking at what they should do to make the most of what Cloud, mobile, social, and big data bring to the table. I’ve been watching the transformations unfold and hearing the stories from the trenches.
I’ll be talking more about the book, Enterprise Architecture as Strategy, in the near future, as it’s one of the best books on how to create a foundation for business execution, and I get to see it in action. Our Enterprise Architects tell me stories about how they are leading their customers on journeys to the Cloud and transforming IT for competitive advantage.
These are truly exciting times to be at the leading edge of business transformation.
Today we released our patterns & practices Improving Web Service security: Scenarios and Implementation Guidance for WCF on MSDN. Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in WCF. You'll learn how to improve the security of your WCF services through prescriptive guidance including guidelines, a Q&A, practices at a glance, and step-by-step how to articles. The guide is the result of a collaborative effort between patterns & practices, WCF team members, and industry experts.
Key Scenarios Here's the key scenarios:
Contents at a Glance
Contributors / Reviewers
I’ve shared a Scrum Flow at a Glance before, but it was not visual.
I think it’s helpful to know how to whiteboard a simple view of an approach so that everybody can quickly get on the same page.
Here is a simple visual of Scrum:
There are a lot of interesting tools and concepts in scrum. The definitive guide on the roles, events, artifacts, and rules is The Scrum Guide, by Jeff Sutherland and Ken Schwaber.
I like to think of Scrum as an effective Agile project management framework for shipping incremental value. It works by splitting big teams into smaller teams, big work into smaller work, and big time blocks into smaller time blocks.
I try to keep whiteboard visuals pretty simple so that they are easy to do on the fly, and so they are easy to modify or adjust as appropriate.
I find the visual above is pretty helpful for getting people on the same page pretty fast, to the point where they can go deeper and ask more detailed questions about Scrum, now that they have the map in mind.
Agile vs. Waterfall
Agile Life-Cycle Frame
Don’t Push Agile, Pull It
Scrum Flow at a Glance
The Art of the Agile Retrospective
I'm working with the infamous Frank Heidt, George Gal and Jonathan Bailey to create a suite of modular, task-based security code examples. They happen to be experts at finding mistakes in code. Part of making good code is knowing what bad code looks like and more importantly what makes it bad, or what the trade-offs are. I've also pulled in Prashant Bansode from my core security team to help push the envelope on making the examples consumable. Prashant doesn't hold back when it comes to critical analysis and that's what we like about him.
For this exercise, I'm time-boxing the effort to see what value we produce within the time-box. We carved out a set of candidate code examples by identifying common mistakes in key buckets, including input/data validation, authentication, authorization, auditing and logging, exception management and a few others. We then prioritized the list and do daily drops of code. The outcome should be some useful examples and an approach for others to contribute examples.
Sharing a chunk of code is easy. We quickly learned that sharing insights with the code is not. Exposing the thinking behind the code is the real value. We want to make that repeatable. I think the key is a schema with test cases.
Here's our emerging schema and test cases ....
Code Example Schema (Short Form)
For more information on the schema and test cases, see Code Example Schema for Sharing Code Insights.
Today we had a deeply insightful review with Tom Hollander, Jason Taylor, and Paul Saitta. Jason and Paul are on site while we're solving another class of problems for customers. They each brought a lot to the table and collectively I think we have a much better understanding of what makes a good, reusable piece of code.
We made an important decision to optimize around "show me the code" and then explain it, versus a lot of build up and then the code. Our emerging schema has its limits and does not take the place of a How To or guidelines or a larger resuable block of code, but it will definitely help as we try to share more modular code examples that demonstrate proven practices.
“It is not necessary to change. Survival is not mandatory.”—Edwards Deming
I gave a talk for the developer security MVPs at the Microsoft 2010 MVP Summit last week. While I focused primarily on Azure Security, I did briefly cover Agile Security Engineering. Here is the figure I used to help show how we do Agile Security Engineering in patterns & practices:
What’s important about the figure is that it shows an example of how you can overlay security-specific techniques on an existing life cycle. In this case, we simply overlay some security activities on top of an Agile software cycle.
Rather than make security a big up front design or doing it all at the end or other security approaches that don’t work, we’re baking security into the life cycle. The key here is integrating security into your iterations.
Here is a summary of the key security activities and how they play in an agile development cycle:
The sum of these activities is more than the parts and using a collection of proven, light-weight activities that you can weave into your life cycle helps you stack the deck in your favor. This is in direct contrast to relying on one big silver bullet.
Note that we originally used “reviews” which are more exploratory, but we later optimized around “inspections.” The distinction is that inspections use criteria (e.g. a 12 point inspection.) We share the criteria using security checklists for design, coding, and deployment inspections.
There are two keys to chunking up security so that you can effectively focus on it during iterations:
Stories are a great way of chunking up value. Each story represents a user performing a useful goal. As such, you can also chunk up your security work, by focusing on the security concerns of a story.
A security frame is a lens for security. It’s simply a set of categories or “hot spots” (e.g. auditing and logging, authentication, authorization, configuration management, cryptography, exception management, sensitive data, session management.) Each category is a container for principles, patterns, and anti-patterns. By grouping your security practices into these buckets, you can more effectively consolidate and leverage your security know-how during each iteration. For example, one iteration might have stories that involve authentication and authorization, while another iteration might have stories that involve input and data validation.
Together, stories and security frames help you chunk up security and bake it into the life cycle, while learning and responding along the way.
For more information on security engineering, see patterns & practices Security Engineering Explained.
If you’re afraid to look at your To-Do list, it’s not working. Your To-Do list should inspire you.
One of the things that happens a lot with To-Do lists is they can get overwhelming. It’s easy to pile on more things. Eventually, you’re afraid to even look at your To-Do list. What once started out as a great list of things to make happen, has now became a laundry list of things that hurts more than it helps.
Worse, it’s easy to spawn a lot of lists that are full of once great intentions, so the problem spreads.
There are multiple ways to hack the problem down to size, but here are the three I use the most:
Here is a simple visual that shows adding Three Wins to the top of your To-Do list:
Identify the 3 most important results you want to accomplish today and bubble them to the top of your To Do list. Prioritize your day against those 3 results you want to achieve, whether it’s incoming requests or you’re making your way through your backlog of things to do on your To-Do list.
You can use this approach to chop any To-Do list down to size and make it more consumable.
This tip on building better To-Do lists is from the book, Getting Results the Agile Way: A Personal Results System for Work and Life (Amazon).
If you’re a Windows Azure developer or you want to learn Windows Azure, this map is for you. Microsoft has an extensive collection of developer guidance available in the form of Code Samples, How Tos, Videos, and Training. The challenge is -- how do you find all of the various content collections? … and part of that challenge is knowing *exactly* where to look. This is where the map comes in. It helps you find your way around the online jungle and gives you short-cuts to the treasure troves of available content.
The Windows Azure Developer Guidance Map helps you kill a few birds with one stone:
Download the Windows Azure Developer Guidance Map
Mental Model of the Map The map is a simple collection of content types from multiple sources, organized by common tasks, common topics, and Windows Azure features:
Special Thanks … Special thanks to David Aiken, James Conard, Mike Tillman, Paul Enfield, Rob Boucher, Ryan Dunn, Steve Marx, Terri Schmidt, and Tobin Titus for helping me find and round up our various content collections.
Enjoy and share the map with a friend.
As I help more people go Agile, I try to simplify the most important concepts.
For me, one of the most important changes in Agile is what it means to the product development cycle.
I think a picture is worth a 1,000 words. I’ve put together a couple of simple visuals to show what it means to go from a Waterfall development approach to an Agile development approach.
Contrast the Waterfall Model with the Agile Model:
With these visuals, I attempted to show a couple of key ideas:
If you need to keep up with the pace of change, deal with changing requirements, keep up with user demands, while shipping value faster, Agile might be what you’re looking for.
What you don’t know can hurt you. Sometimes the world can change under your feet and you never saw it coming. I like to anticipate and stay ahead of the curve where I can. As part of our patterns & practices Application Architecture Guide 2.0 project, I’ve been hunting and gathering trends that influence software development. Rather than make this exhaustive, I wanted to share "good enough" for now, and leave you room to tell me what I've missed and share what you’re seeing in your world.
Key Notes On Trends
Trend "Hot Spots" Rather than distinguish between trends and fads, I decided to focus on “hot spots” and simply identify the topics that keep showing up in various contexts with customers, in Microsoft, in the industry, … etc.
I know the list looks simple enough, but it actually took a bit of vetting to spiral down on the ones that have wood behind the arrow and have signs of a trajectory.
David Chou on Trends ... In this post, Cloud Computing and Microsoft, David Chou identifies the following trends:
Simon Guest on Trends ... In his talk, An Architectural Overview of Software + Services, Simon Guest outlines the following industry trends:
Simon connects the dots from the trends to how they support Software + Services:
Phillip Winslow on Trends … In an Interop Keynote Panel on Current Software Trends, Phillip Winslow responded to the to please predict the biggest IT story for 2008 as follows:
“ … decoupling of the end user platform. Virtualization and desktop virtualization and layering on SAAS… Salesforce.com, gmail, etc how we think about the desktop sitting on our desk will be much different.”
“ … decoupling of the end user platform. Virtualization and desktop virtualization and layering on SAAS… Salesforce.com, gmail, etc how we think about the desktop sitting on our desk will be much different.”
TrendWatching.com on Trends ... Here's a snapshot of interesting tidbits from a an earlier version of this trend report page on TrendWatching.com:
Here's the cool part. I saw GREEN on their page well before I noticed any of the Green IT initiatives show up. It struck me as an example of consumer influencing Enterprise.
Key Posts Here's some of the posts that I found to be useful for understanding the impact and influences behind some of the trends:
Additional Resources I know this looks like a laundry list of links but these are actually helpful to quickly get what some of the topics are about:
My Related Posts
Cloud security has been a hot topic with the introduction of the Microsoft offering of the Windows Azure platform. One of the quickest ways to get your head around security is to cut to the chase and look at the threats, attacks, vulnerabilities and countermeasures. This post is a look at threats and countermeasures from a technical perspective.
The thing to keep in mind with security is that it’s a matter of people, process, and technology. However, focusing on a specific slice, in this case the technical slice, can help you get results. The thing to keep in mind about security from a technical side is that you also need to think holistically in terms of the application, network, and host, as well as how you plug it into your product or development life cycle. For information on plugging it into your life cycle, see the Security Development Lifecycle.
While many of the same security issues that apply to running applications on-premise also apply to the cloud, the context of running in the cloud does change some key things. For example, it might mean taking a deeper look at claims for identity management and access control. It might mean rethinking how you think about your storage. It can mean thinking more about how you access and manage virtualized computing resources. It can mean thinking about how you make calls to services or how you protect calls to your own services.
Here is a fast path through looking at security threats, attacks, vulnerabilities, and countermeasures for the cloud …
Overview It is important to think like an attacker when designing and implementing an application. Putting yourself in the attacker’s mindset will make you more effective at designing mitigations for vulnerabilities and coding defensively. Below is the cloud security frame. We use the cloud security frame to present threats, attacks, vulnerabilities and countermeasures to make them more actionable and meaningful.
You can also use the cloud security frame to effectively organize principles, practices, patterns, and anti-patterns in a more useful way.
Threats, Attacks, Vulnerabilities, and Countermeasures These terms are defined as follows:
Cloud Security Frame The following key security concepts provide a frame for thinking about security when designing applications to run on the cloud, such as Windows Azure. Understanding these concepts helps you put key security considerations such as authentication, authorization, auditing, confidentiality, integrity, and availability into action.
Threats and Attacks
SDL Considerations For more information on preferred encryption algorithms and key lengths, see the Security Development Lifecycle at http://www.microsoft.com/security/sdl/ .
One of the most common questions I get with Getting Results the Agile Way is, “What tools do I use to implement it?”
The answer is, it depends on how "lightweight" or "heavy" I need to be for a given scenario. The thing to keep in mind is that the system is stretch to fit because it's based on a simple set of principles, patterns, and practices. See Values, Principles, and Practices of Getting Results the Agile Way.
That said, I have a few key scenarios:
The Just Me Scenario In the "Just Me" scenario, I don't use any tools. I just take "mental notes." I use The Rule of Three to identify three outcomes for the day. I simply ask the question, "What are the three most important results for today?" Because it's three things, it's easy to remember, and it helps me stay on track. Because it's results or outcomes, not activities, I don't get lost in the minutia.
The Pen and Paper Scenario In the Pen and Paper scenario, I carry a little yellow sticky pad. I like yellow stickies because they are portable and help me free up my mind by writing things down. The act of writing it down, also forces me to get a bit more clarity. As a practice, I either write the three results I want for the day on the first note, or I write one outcome per note. The main reason I write one result per sticky note is so that I can either jot supporting notes, such as tasks, or so I can throw it away when I've achieve that particular result. It's a simple way to game my day and build a sense of progress.
I do find that writing things down, even as a simple reference, helps me stay on track way more than just having it in my head.
The Evernote Scenario The Evernote scenario is my high-end scenario. This is for when I'm dealing with multiple projects, leading teams, etc. It's still incredibly light-weight, but it helps me stay on top of my game, while juggling many things. It also helps me quickly see when I have too much open work, or when I'm splitting my time and energy across too many things. It also helps me see patterns by flipping back through my daily outcomes, weekly outcomes, etc.
It's hard to believe, but already I've been using Evernote with Getting Results the Agile Way for years. I just checked the dates of my daily outcomes, and I had switched to Evernote back in 2009. Time sure flies. It really does.
Anyway, I put together a simple step-by-step How To to walk you through setting up Getting Results the Agile Way in Evernote. Here it is:
OneNote If you’re a OneNote user, and you want to see how to use Getting Results the Agile Way with OneNote, check out Anu’s post on using Getting Results the Agile Way with OneNote.
Agile Results is the name of the system I talk about in Getting Results the Agile Way. It’s a simple time management system for meaningful results. The focus is on meaningful results, not doing more things. There are three keys to the Agile Results system:
The Rule of 3 The Rule of 3 helps you avoid getting overwhelmed. It’s also a guideline that helps you prioritize and scope. Rather than bite off more than you can chew, you bite off three meaningful things. You can use The Rule of 3 at different levels by picking three wins for the day, three wins for the week, three wins for the month, and three wins for the year. This helps you see the forest for the trees since your three wins for the year are at a higher level than your three wins for the month, and your three wins for the week are at a higher level than your three wins for the day. You can easily zoom in and out to help balance your perspective on what’s important, for the short term and the longer term.
Monday Vision, Daily Wins, Friday Reflection Monday Vision, Daily Wins, Friday Reflection is a weekly results pattern. This is a simple “time-based” pattern. Each week is a fresh start. On Mondays, you think about three wins you would like for the week. Each day you identify three wins you would like for the day. On Fridays, you reflect on lessons learned; you ask yourself, “What three things are going well, and what three things need improvement?” This weekly results pattern helps you build momentum.
Hot Spots Hot Spots are a way to heat map your life. They help you map out your results by identifying “what’s hot?.” Hot Spots become both your levers and your lens to help you identify and focus on what’s important in your life. They can represent areas of pain or opportunity. You can use Hot Spots as your main dashboard. You can organize your Hot Spots by work, personal, and the “big picture” of your life. At a glance, you should be able to quickly see the balls you are juggling and what’s on your plate. To find your Hot Spots, simply make a list of the key things that need your time and energy. Then for each of these key things, create—a simple list, a “tickler list” that answers the question, “What do you want to accomplish?” Once you know the wins you want to achieve in your Hot Spots, you have the ultimate map for your meaningful results.
You can use Agile Results for work or home or anywhere you need to improve your results in life. Agile Results is compatible with, and can enhance the results of, any productivity system or time management you already use. That’s because the foundation of the Agile Results platform is a core set of principles, patterns, and practices for getting results.
The simplest way to get started with Agile Results is to read Getting Started with Agile Results, and take the 30 Day Boot Camp for Getting Results.
Today we released our patterns & practices Application Architecture Guide 2.0 Beta 2. This is our Microsoft playbook for the application platform. It's our guide to help solution architects and developers make the most of the Microsoft platform. It's a distillation of many lessons learned. It’s principle-based and pattern-oriented to provide a durable, evolvable backdrop for application architecture. It's a collaborative effort among product team members, field, industry experts, MVPs, and customers. This is the guide that helps you understand our platform, choose among the technologies, and build applications based on lessons learned and proven practices.
Key Changes in Beta 2 Beta 2 is a significant overhaul of the entire guide. We carried the good forward. We made some key additions:
Key Scenarios The guide helps you address the following scenarios:
Conceptual Framework At a high level, the guide is based on the following conceptual framework for application architecture:
Reference Application Architecture We used the following reference application architecture as a backdrop for explaining how to design effective layers and components:
Core Dev Team
"To hell with circumstances; I create opportunities." – Bruce Lee
Motivation is a key to making things happen, whether you’re developing software, leading teams, or just getting yourself out of bed and on with your day.
It's hard to change the world, or even just your world for that matter, if you lack the motivation or drive. In a world where there is plenty that can bring you down, the best thing you can do is arm yourself with motivation techniques that work, and motivation theories that explain *why* they work.
Motivation Techniques You can motivate yourself with skill, as well as others, if you know the key motivation techniques. Here is my latest collection of motivation techniques and methods at a glance:
You can use the motivation techniques to motivate yourself and others.
Motivation Theories There are a lot of motivation theories that are relevant, and some have evolved over the years. Maslow’s Hierarchy of Needs is useful to know for understanding some basic drivers. It’s also useful to know David McClelland’s Theory of Needs , and that focuses on achievement, affiliation, and power as key drivers.
It’s also useful to distinguish between intrinsic and extrinsic motivation. For example, if you depend on other people to carrot or stick you, you’re driving from extrinsic motivation. If instead, you’re doing something because it makes you feel alive or unleashes your passion or simply just for a job well done, then you’re driving from intrinsic motivation, and that is a powerful place to be.
It’s also useful to know that at the end of the day, purpose is the most powerful driver, and if you can connect what you do to your purpose, then you bring out your best and you’re a powerful force to be reckoned with. Purpose, passion, and persistence change the game.
Timeline of Motivation Theories, Studies, and Models Here is a timeline of some interesting work on the study of motivation:
Motivation Quotes If you need some inspiring words of wisdom, be sure to explore my collection of motivation quotes.
One of the questions I get asked is how did we execute our patterns & practices Application Architecture Guide 2.0 project, on time and on budget? It was a six month project, during which we ....
2 Keys to Success We used two keys to success:
Fix Time, Flex Scope One of the most successful patterns I've used for years now is to fix time, and flex scope. The idea is to deliver incremental value and find a way to flow value along the way rather than wait for one big bang at the end. This allows you to deliver the most timely and relevant value with a healthy worklife balance. It helps reduce project risk along the way. More importantly, it helps get your stakeholders on board, by showing them results versus just trust you to the end. Scope is the best to flex because there's the least amount of precision or accuracy up front, and it enables you to respond to the market or stakeholder concerns more effectively.
Agile Guidance Engineering This is the secret sauce. I call it Agile Guidance Engineering:
In a nutshell, Agile Guidance Engineering is about building guidance using nuggets of specific types (how tos, guidelines, checklists ... etc.) and composing them into books. The books themselves are actually an information model. The information model is designed to both structure the content as well as structure the problem domain. We vet the nuggets as we go for feedback, and we prioritize, tune, and improve them along the way.
I've used Agile Guidance Engineering successfully to build the following Microsoft patterns & practices Blue Books:
Today we posted our updated software architecture best practices at a glance to CodePlex, as part of our patterns & practices Application Architecture Guide 2.0 project:
They’re essentially a brief collection of problems and solutions around building software applications. The answers are short and sweet so that you can quickly browse them. You can think of them as a bird’s-eye view of the problem space we tackled. When we add them to the Application Architecture Guide 2.0, we'll provide quick links into the guide for elaboration.
This is your chance to bang on the set of problems and solutions before Beta 2 of the guide.
I had 20 minutes before my meeting so I did a quick step through of the new Microsoft Cloud Analysis Tool and the Infrastructure Optimization Self-Assessment Tool.
The Microsoft Cloud Analysis Tool helps you build a roadmap to the Cloud based on your business needs, constraints, and desired attributes. It’s a “what if” for the Cloud, that you can play out the possibilities by changing your parameters. That’s a mighty powerful thing if you are trying to cycle through various options and understand the trade-offs. In fact, independent of the actual content in the tool, I think the most valuable part is the framing of the decisions. If you use nothing else, you can at least use the frames to help you accelerate your own Cloud decision making, and make more informed choices.
I limited my words and focused on screen captures so that you can quickly scan the end-to-end to see the inputs and the outputs.
Here is a summary of the tools:
Here is the home page of the Microsoft Cloud Analysis Tool and Microsoft Infrastructure Optimization Self-Assessment Tool:
Step 1 - Create an Account
Step 2 – Create a Profile
Profile a Workload
Step 3 – Choose a Discovery Activity
The output includes
Architecture Diagram (Visio)
I posted my Lessons Learned in 2008 on Sources of Insight. 2008 was a pretty insightful year for me. I met a lot of great people, read a lot of books, and learned a lot along the way. I recapped my top 10 lessons here.
Top Ten Lessons for 2008
Here is a simple map of the Silverlight videos available from www.Silverlight.net.
While making our map, I was surprised to see how many Silverlight videos there are, compared to code samples or How Tos. That said, if you need a Silverlight video, I think you’re in luck. Currently this is a flat list. There are many possible improvements. For example, now it should be easy to bubble up the favorite videos. It’s also possible to add a “Getting Started” section at the top and group all the videos related to getting started.
Categories The categories are simply groups based on the existing videos mapped to common areas of concern. We used the following categories to chunk up the video collection into common tasks and topics:
Events and Delegates
Graphics and 3-D
Layout, Input, and Printing Security
Networking and Communication
Styles and Templates
Text and Rich Text
Video and Audio
WCF RIA Services
To Be Sorted …
Cloud computing is hot. As customers makes sense of what the Microsoft cloud story means to them, one of the first things they tend to do is look for case studies of the Microsoft cloud platform. They like to know what their peers, partners, and other peeps are doing.
Internally, I get to see a lot of what our customers are doing across various industries and how they are approaching the cloud behind the scenes. It’s amazing the kind of transformations that cloud computing brings to the table and makes possible. Cloud computing is truly blending and connecting business and IT (Information Technology), and it’s great to see the connection. In terms of patterns, customers are using the cloud to either reduce cost, create new business opportunities and agility, or compete in ways they haven’t been able to before. One of the most significant things cloud computing does is force people to truly understand what business they are in and what their strategy actually is.
Externally, luckily, we have a great collection of Microsoft cloud case studies available at Windows Azure Case Studies.
I find having case studies of the Microsoft cloud story makes it easy to see patterns and to get a sense of where some things are going. Here is a summary of some of the case studies available, and a few direct links to some of the studies.
Advertising Industry Examples of the Microsoft cloud case studies in advertising:
Air Transportation Services Examples of the Microsoft cloud case studies in air transportation services:
Capital Markets and Securities Industry Examples of the Microsoft cloud case studies in capital markets and securities:
Education Examples of the Microsoft cloud case studies in education:
Employment Placement Agencies Examples of the Microsoft cloud case studies in employment agencies:
Energy and Environmental Agencies Examples of the Microsoft cloud case studies in enery and environmental agencies:
Financial Services Industry Examples of the Microsoft cloud case studies in the financial services industry:
Food Service Industry Examples of the Microsoft cloud case studies in the food service industry:
Government Agencies Examples of the Microsoft cloud case studies in government agencies:
Healthcare Industry Examples of the Microsoft cloud case studies in healthcare:
High Tech and Electronics Manufacturing Examples of the Microsoft cloud case studies in high tech and electronics manufacturing:
Hosting Examples of the Microsoft cloud case studies in hosting:
Insurance Industry Examples of the Microsoft cloud case studies in the insurance industry:
IT Services Examples of the Microsoft cloud case studies in IT services:
Life Sciences Examples of the Microsoft cloud case studies in life sciences:
Manufacturing Examples of the Microsoft cloud case studies in manufacturing:
Media and Entertainment Industry Examples of the Microsoft cloud case studies in media and entertainment:
Metal Fabrication Industry Examples of the Microsoft cloud case studies in metal fabrication:
Nonprofit Organizations Examples of the Microsoft cloud case studies in non-profit organizations:
Oil and Gas Industry Examples of the Microsoft cloud case studies in oil and gas:
Professional Services Examples of the Microsoft cloud case studies in professional services:
Publishing Industry Examples of the Microsoft cloud case studies in publishing:
Retail Industry Examples of the Microsoft cloud case studies in retail:
Software Engineering Examples of the Microsoft cloud case studies in software:
Telecommunications Industry Examples of the Microsoft cloud case studies in telecommunications:
Training Industry Examples of the Microsoft cloud case studies in training:
Transportation and Logistics Industry Examples of the Microsoft cloud case studies in transportation:
When I ramp new folks on the team, I find it helpful to whiteboard how I build prescriptive guidance. Here's a rough picture of the process:
Examples I've used the same process for Performance Testing Guidance, Team Development with Visual Studio Team Foundation Server, and WCF Security.
Here's a brief explanation of what happens along the way:
Design The dominant focus here is identifying candidate problems, candidate solutions, and figuring out key risks, as well as testing paths to explore. The best outcome is a set of scenarios we can execute against.
Execution The dominant focus here is product results. It's scenario-driven. Each week we pick scenarios to execute against.
Release We produce a Knowledge Base (KB) of guidance modules and a guide. The guidance modules are modular and can be reused. The guide includes chapters in addition to the guidance modules. Here's examples from our WCF Security Guide:
Agile Publishing We release our guidance modules along the way to test reactions, get feedback and reshape the approach as needed.
Stable Reference Once we've tested and vetted the guidance and have made it through a few rounds of customer feedback, we push the guidance to MSDN.
While trying to create threat model template for customers, I analyzed many threat models inside and outside Microsoft. It was insightful to see the patterns of what was useful across threat models and what was noise.
A good threat model has the following components:
A good threat model serves the following purposes:
By far, the most tangible output of the threat modeling activity is a prioritized list of vulnerabilities. These are action items for your developers and input for your testers. The developer makes a call on whether and how to fix, and the tester will test the fix.
This sample Template for a Web Applications Threat Model comes very close to showing what I've empirically seen to be useful, though there's always a gap between reality and real-time.
What is a PM (Program Manager)? While the Program Manager role seems unique to Microsoft, in general, when you map it to other companies, it’s a product manager, or a project manager, or a combination of the two. At Microsoft, there are various flavors of PMs (“design” PM, “project” PM, “process” PM, etc.) and the PM discipline can be very different in different groups. I’ve also seen the PM title used as a general job title, in the absence of something more specific.
At Microsoft it’s a role that means many things to many people. In general though, when you meet a PM at Microsoft, you expect somebody who has vision, can drive a project to completion, can manage scope and resources, coordinate work across a team, bridge the customer, the business, and the technology, act as a customer champ, and influence without authority. From a metaphor standpoint, they are often the hub to the spokes, they drive ideas to done, they take the ball and run with it, or find out who should run with the ball. Some PMs are better at thought leadership, some are better at people leadership, and the best are great at both.
Here is a roundup of some of my favorite points that elaborate, clarify, and distill what a PM is, what a PM does, and how to be one.
Attributes and Qualities of a PM Here is a list of key attributes from Steven Sinofsky’s post -- PM at Microsoft:
Here is an example of PM qualities from Sean Lyndersay’s post -- Exchange team defines a Program Manager:
Microsoft Careers site on Program Manager Here is a description of a Program Manager from the Microsoft Careers site: “As a Program Manager, you’ll drive the technical vision, design, and implementation of next-generation software solutions. You’ll transform the product vision into elegant designs that will ultimately turn into products used by Microsoft customers. Managing feature sets throughout the product lifecycle, you’ll have the chance to see your design through to completion. You’ll also work directly with other key team members including Software Development Engineers and Software Development Engineers in Test. Program Managers are advocates for end-users, so your passion for anticipating customer needs and creating outside-the-box solutions for them will really help you shine in this role. As a Program Manager you will have the ability to lead within a product’s life cycle using evangelism, empathy, and negotiation to define and deliver results. You will also be responsible for authoring technical specifications, including envisaged usage cases, customer scenarios, and prioritized requirements lists.”
Chris Pratley on Program Manager Here are some points on Program Management from Chris Pratley’s post -- Program Manager:
Here are the stages of your first year as a PM, according to Pratley:
Joel Spolsky on Program Manager Here are points from Joel’s post on How To Be a Program Manager:
Ray Schraff on Program Manager Here are point from the comments on Chris Pratley’s post, Program Management:
Sean Lyndersay on Program Manager
Steven Sinofsky on Program Manager Here are points from Sinfoksy’s post on PM at Microsoft:
Are you I-shaped, T-shaped, or E-shaped?
I is depth, T is breadth, and E executes (Of course there’s overlap, but you get the idea.)
If you think of yourself as a mini-business, can you “execute” your ideas? (either yourself, with others, or through others, and amplify your impact) And, by the way, just how important is the ability to execute? Well, it’s important enough that Gartner uses “Ability to Execute” as a key criteria in its Magic Quadrants.
Ability to execute + high-impact ideas are a recipe for value.
After all, what good are a bunch of ideas if you can’t make them happen.
Keep these mental models in mind as you design your career path and grow your capabilities, skills, and experiences.
With that in mind, let’s explore a little more …
Here's what Wikipedia says about T-shaped people:
"The concept of T-shaped skills, or T-shaped persons is a metaphor used in job recruitment to describe the abilities of persons in the workforce. The vertical bar on the T represents the depth of related skills and expertise in a single field, whereas the horizontal bar is the ability to collaborate across disciplines with experts in other areas and to apply knowledge in areas of expertise other than one's own."
(The earliest reference to T-shaped people is by David Guest in "The hunt is on for the Renaissance Man of computing," in The Independent, September 17, 1991.)
By contrast, I-shaped people have a very narrow, but expert domain skills in one specific area.
According to Sarah Davanzo, E-Shaped people are those that "execute":
“People (workers) today also need to be able to execute. As they say, 'ideas are like noses, everyone has one.' I’m tired of people coming to me with a great idea or invention, but with no clue how to bring it fruition. Real genius is being able to execute ideas. “
According to Sarah Davanzo, an “ideas person” isn’t good enough. You need the ability to execute. Here’s what Sarah says:
“Being an experienced, expert, exploratory “ideas person” isn’t good enough in today’s culture, and here’s why. The trends clearly favor those with “breadth” and “depth”, as well as the tangible (execution) and intangible (exploration), implying having both a big-picture outlook and an attention to detail from being a practitioner.”
According to Sarah Davanzo, “E-shaped” people have a combo of 4 Es:
“’E-Shaped People’ have a combination of ‘4-E’s’: experience and expertise, exploration and execution. The last two traits – exploration and execution – are really necessary in the current and future economy.”
Note – If you want to work on your ability to execute, Getting Results the Agile Way is a good way to start (It’s the playbook I wish somebody would have given me long ago.)
According to Sarah Davanzo, your CQ matters more than your IQ and EQ:
“Exploration = curiosity. Innovation and creative problem solving is tied to one’s “curiosity quotient” (CQ). In this day and age of constant change (think: Moore’s Law), one’s CQ is more useful than one’s IQ or EQ.”
Side note – Edward de Bono wrote about how exploring ideas is how to have a beautiful mind.
Bill Buxton puts a spin on “I-shaped” people in his article on Innovation Calls for I-Shaped People:
“But while I love Bill's (Bill Moggridge) notion of T-shaped people, things are just not that simple. So as both compliment and complement, I propose I-shaped people. These have their feet firmly planted in the mud of the practical world, and yet stretch far enough to stick their head in the clouds when they need to. Furthermore, they simultaneously span all of the space in between.”
According to Bill Buxton, at Microsoft we purposefully plan for equal levels of competence and creativity in business, design, and technology:
“When you slide multiple Ts together, their cross bars all overlap, indicating that the various Ts have a common language, and, ideally, their combined base can be broad enough to cover the domain of the problem that you are addressing. At ( (MSFT)), we try to make sure that in looking at new product or services ideas, we have at least three Ts, which we call BXT, reflecting equal levels of competence and creativity in three domains: business, (in design), and technology. These are three interdependent and interwoven pillars we see as the foundation for what we do.”
Outstanding people can generalize and abstract, as well as get specific and make things actually work. They bridge the head in the clouds and feet on the ground with other people. Bill Buxton writes:
“I once asked him (Brian Shackel) if he had noticed any particular attributes that distinguished the students that went on to do remarkable things compared with the rest. His answer was as immediate as it was insightful. He said: ‘The outstanding students all had an outstanding capacity for abstract thinking, yet they also had a really strong grounding in physical materials and tools.’ By this, he meant that they could rise above the specifics of a particular problem to think about them in a more abstract, and in some ways, more general way.”
One way to grow your T-Shape is to grow your personal effectiveness capabilities. The U.S. department of labor actually has a Competency Model Clearninghouse. You can easily browse different industries and find a list of Personal Effectiveness capabilities. For example, in the Information Technology Competency Model, they list the following Personal Effectiveness Capabilities:
BTW – did you notice that Personal Effectiveness is at the base of the pyramid of the competency model? The higher you go up, the more narrow and specific it gets. The lower you go, the broader and more general the competency model is. Personal Effectiveness is at the base of all the pyramids. That should tell you something.
Note – If you want to work on your personal effectiveness skills, I have a knowledge base at Sources of Insight that focuses on personal effectiveness, personal development, leadership, productivity, emotional intelligence, time management, strengths, motivation, and more.
Ability to Execute
Agile Downsizing: Why Agile Skills Improve a Project Manager’s Job Security
Anatomy of a High-Potential
Generalists vs. Specialists
The Microsoft Career Survival Guide