DevOps Ideas, Patterns, and Practices are Central to Agile 2
According to Deutsche Bank CIO Frederic Veron, “enterprises that wish to reap the potentially rich rewards of getting IT and business line leaders to build software together in agile fashion must also embrace the DevOps model.”
Why is that? It’s simple: DevOps is necessary to scale Agile. DevOps practices are what enable an organization to rapidly deploy changes to many different parts of their product, across many products, on a frequent basis—with confidence.
That last part is key. Companies like Amazon, Google, and Netflix developed DevOps methods so that they could deploy frequently at a massive scale without worrying if they will break something. DevOps is, at its core, a risk management strategy. DevOps practices are what enable you to maintain a complex multi-product ecosystem and make sure that everything works. DevOps substitutes traditional risk management approaches with what the Agile 2 authors call real-time risk management.
You might think that all this is just for software product companies. But today, most organizations operate on a technology platform, and if you do, then DevOps applies. DevOps methods apply to any enterprise that creates and maintains products and services that are defined by digital artifacts.
That includes manufacturers, online commercial services, government agencies that use custom software to provide services to constituents, and pretty much any large commercial, non-profit, and public sector enterprise today.
As JetBlue and Breeze airlines founder David Neeleman said, “we’re a high-tech company that just happens to fly airplanes,” and Capital One Bank’s CIO Rob Alexander said, “We’re a founder-led, 20-year-old technology company.”
Most large businesses today are fundamentally technology companies that direct their efforts toward the markets in which they have expertise, assets, and customer relationships.
DevOps Is Necessary at Scale
Scaling frameworks such as SAFe and DA provide potentially useful patterns for organizing the work of lots of teams. However, DevOps is arguably more important than any framework, because without DevOps methods, scaling is not even possible, and many organizations (Google, Amazon, Netflix…) use DevOps methods at scale without a scaling framework.
If teams cannot deploy their changes without stepping on each other’s work, they will often be waiting or going no faster than the slowest team, and lots of teams will have a very difficult time managing their dependencies—no framework will remedy that if the technical methods for multi-product dependency management and on-demand deployment at scale are not in place. If you are not using DevOps methods, you cannot scale your use of Agile methods.
How Does Agile 2 View DevOps?
DevOps as it is practiced today is technical. When you automate things so that you can make frequent improvements to your production systems without worrying about a mistake, you are using DevOps. But DevOps is not a specific method. It is a philosophy that emerged over time. In practice, it is a broad set of techniques and approaches that reflect that common philosophy.
With the objective of not worrying in mind, you can derive a whole range of techniques to leverage tools that are available today: cloud services, elastic resources, and approaches that include horizontal scaling, monitoring, high-coverage automated tests, and gradual releases.
While DevOps and Agile seem to overlap, especially philosophically, DevOps techniques are highly technical, while the Agile community has not focused on technical methods for a very long time. Thus, DevOps fills a gap, and Agile 2 promotes the idea that Agile and DevOps go best together.
DevOps evangelist Gene Kim has summarized DevOps by his “Three Ways.” One can paraphrase those as follows:
- Systems thinking: always consider the whole rather than just the part.
- Use feedback loops to learn and refine one’s artifacts and processes over time.
- Treat everything as an experiment that you learn from, and adjust accordingly.
The philosophical approaches are very powerful for the DevOps goal of delivering frequent changes with confidence, because (1) a systems view informs you on what might go wrong, (2) feedback loops in the form of tests and automated checks tell you if you hit the mark or are off, and (3) if you view every action as an experiment, then you are ready to adjust so that you then hit the mark. In other words, you have created a self-correcting system.
Agile 2 takes this further by focusing on the entire value creation flow, beginning with strategy and defining the kinds of leadership that are needed. Agile 2 promotes product design and product development as parallel and integrated activities, with feedback from real users and real-world outcomes wherever possible. This approach embeds Gene Kim’s three DevOps “ways” into the Agile 2 model, unifying Agile 2 and DevOps.
 Agile 2: The Next Iteration of Agile, by Cliff Berg et al, pp 205 ff.
We are all human and tend to take the easy route when we come across certain scenarios in life. Remembering passwords is one of the most common things in life these days, and we often tend to create a password that can be easily remembered to avoid the trouble of resetting it in case we forget it. In this blog, I am going to discuss a tool called “Have I Been Pwned” (HIBP) which is going to help us find any passwords that were seen in recent cybersecurity or data breaches.
What is HIBP? What is it used for?
“Have I Been Pwned” is an open-source initiative that helps people check whether their login information has been included in any breached data archives circulating on the dark web. In addition, it allows users to check how often a given password has been found in the dataset, testing the strength of a password against dictionary-style brute-force attacks. Recently, the FBI released a statement that they are going to work closely with the HIBP team to share breached passwords for users to check against. This open-source initiative is going to help a lot of customers avoid using breached passwords when creating accounts on the web. We used the HIBP API to help our customers who use custom web-based applications get alerted to any pwned passwords that they used while creating accounts. In this way, users are made aware that they should not use breached passwords that have been seen multiple times on the dark web.
How does it work?
HIBP stores more than half a billion pwned passwords that have previously been exposed in data breaches. The entire data set is both downloadable and searchable online via the Pwned Passwords page. Each entry is the SHA-1 hash of the UTF-8 encoded password, followed by a colon (:) and the number of times that password was seen, with entries separated by a CRLF.
If we use an API to search online for a password that was breached multiple times, we cannot send the actual source password over the web, because doing so would expose the password the user entered during account creation.
To maintain anonymity and protect the value of the source password being searched for, Pwned Passwords implements a k-Anonymity model that allows a password to be searched for by partial hash, using a search by range. We only need to pass the first 5 characters of the SHA-1 password hash (not case-sensitive) to the API, which responds with the suffix of every hash beginning with the specified prefix, each followed by a count of how many times it appears in the dataset. The API consumer can then search the results for the source password hash by comparing the suffix of its own hash with the suffixes returned for that prefix. If the source hash is not found in the results, the password has not been breached to date.
Pass2Play is one of our custom web-based solutions where we integrated the password breach API to detect any breached passwords during the sign-up process. Below is the workflow:
- The user goes to sign up for the account.
- Enters username and password to sign up.
- After entering the password, the user gets a warning message if the password was ever breached and how many times it was seen.
In the above screen, the user entered the password as “P@ssword” and got a warning message which clearly says that the entered password has been seen 7491 times based on the dataset circulating on the dark web. We do not want our users using such passwords for their accounts, which could get compromised later using dictionary-style brute-force attacks.
Architecture and Process flow diagram:
API Request and Response example:
SHA-1 hash of P@ssword: 9E7C97801CB4CCE87B6C02F98291A6420E6400AD
Response: Returns 550 lines of hash suffixes that match the first 5 chars
The highlighted text in the above image is the suffix that matches the first 5 hash chars’ prefix of the source password and has been seen 7491 times.
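The range lookup described above, written out as an added example (it is not Pass2Play's code or code from the original post). It hashes the password locally, sends only the 5-character prefix, and matches the 35-character suffix against the returned `SUFFIX:COUNT` lines. The function names, the status tuple, the `User-Agent` value and the choice to report an outage as "unavailable" are assumptions, and the offline stand-in for the API returns constructed data.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint; only the 5-character prefix is sent.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse CRLF-separated 'SUFFIX:COUNT' lines into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue  # skip blank or malformed lines instead of failing sign-up
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix):
    """Live lookup. The User-Agent string is a hypothetical value for this example."""
    request = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "signup-password-check-example"},
    )
    with urllib.request.urlopen(request, timeout=5) as response:
        return response.read().decode("utf-8")


def check_password(password, fetch=fetch_range):
    """Return ('pwned', count), ('ok', 0) or ('unavailable', 0).

    The full hash and the password never leave this function; `fetch`
    receives the prefix only. Reporting an outage as 'unavailable' rather
    than blocking sign-up is an assumption of this example.
    """
    prefix, suffix = split_hash(password)
    try:
        body = fetch(prefix)
    except OSError:  # URLError and socket timeouts are OSError subclasses
        return ("unavailable", 0)
    count = parse_range_response(body).get(suffix, 0)
    return ("pwned", count) if count > 0 else ("ok", 0)


def make_constructed_fetch(pwned):
    """Offline stand-in for the API, built from {password: count} (constructed data).

    Also records every prefix it is asked for, so a caller can confirm that
    nothing longer than 5 characters was transmitted.
    """
    seen_prefixes = []

    def fetch(prefix):
        seen_prefixes.append(prefix)
        lines = ["0" * 35 + ":3"]  # constructed decoy entry
        for candidate, count in pwned.items():
            cand_prefix, cand_suffix = split_hash(candidate)
            if cand_prefix == prefix.upper():
                lines.append(f"{cand_suffix}:{count}")
        lines.append("not-a-valid-line")  # malformed line the parser must skip
        return "\r\n".join(lines) + "\r\n"

    return fetch, seen_prefixes


if __name__ == "__main__":
    # 7491 is the count the post reports for "P@ssword"; the response is constructed.
    fetch, seen = make_constructed_fetch({"P@ssword": 7491})
    for candidate in ("P@ssword", "a-long-unlisted-passphrase"):
        print(candidate, check_password(candidate, fetch))
    print("prefixes sent:", seen)
```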
I would like to conclude this blog by saying that integration of such methods in your applications can help organizations avoid larger security issues since passwords are still the most common way of authenticating users. Alerting the end-users during account creation will make them aware of breached passwords which will also train the end users on using strong passwords.
Everyone says you should use Agile. The call for Agile has reached the CEO level: I myself have heard CEO announcements stating that the organization must use “Agile”—whatever that is, because I wonder how many actually know.
On the other hand, how many Agile proponents actually understand what Agile is? As I wrote in a recent article, Old Versus New Agile, Agile has changed—and changed a lot. Thus if you bring in “Agile” consultants to help, are they using “old Agile,” or “new Agile”?
Old Agile is arguably very limited, and does not acknowledge the realities of a large organization. What I refer to as “new Agile”—and I believe it is described well by Agile 2—is completely focused on the general problem of agility, and how that plays out in the broad range of situations, including and especially large organizations. Because to do big things—profitable things at scale—you need a very sophisticated model. Agile 2 provides that.
I have seen IT managers make tragic and far-reaching mistakes in their attempt to follow “old” Agile. For example, in more than one case an IT SVP eliminated all roles pertaining to testing. I wrote in an article why that is a tragic error that eventually results in terrible quality issues and actually impedes agility.
Old Agile is not all bad. It broke the grip of rigid approaches being pushed at the time by PMI and the procurement school of thought. In a fast-changing market, custom market-facing software cannot be “procured”: it must be seen as something that evolves over time. Agile made us face that. Some of the ideas that it brought into the forefront were:
- Phase-based (requirements, design, implementation) software development does not usually work.
- Business users often do not know what they want or need.
- It is almost impossible to fully design software up front
- Documents alone are not effective for communicating things
- Don’t build something entirely in one go
- Big teams do not work
- Don’t micromanage how developers work
- Don’t trust anything until you see it running
- Build quality in
- More effort ≠ better; automate to avoid effort
- Continuously reflect and improve
These are all good things, especially if one views them as reminders rather than absolutes. But the Agile community also came to espouse some extreme and ultimately toxic viewpoints—again, especially if one views them as absolutes (which is often the case). I consider these views to be part of “old” Agile. These include:
⚠️ Teams do not need leaders, except to “remove impediments”.
⚠️ Always trust the team.
⚠️ A team must be completely autonomous.
⚠️ Multiple teams will collectively self-organize.
⚠️ Written communication is not important.
⚠️ Everyone must sit together.
⚠️ Most challenges pertain to individual contributor team behavior.
⚠️ Teams can resolve technical issues if leaders merely “get out of the way.”
⚠️ If Agile does not work at scale, it is the organization’s “fault.”
⚠️ Specific technical practices such as pair programming and TDD are always “best.”
In contrast, “new” Agile ideas are markedly different. A tiny sampling of these authors includes Klaus Leopold, Nicole Forsgren, Jeff Dalton, David Marquet, Matthew Skelton, Manuel Pais, Mirco Hering, Mark Schwartz, and Gary Gruver, as well as some “old Agile” authors who have evolved a mature view over time (or had one from the beginning) such as Johanna Rothman, Diana Larsen, as well as myself and the 15 members of the Agile 2 team.
You probably see now that the peril of bringing in Agile consultants is that you might not know if they embrace “old” Agile ideas or “new” Agile ideas. But that is not all. “New” Agile includes many additional narratives that are critical for achieving agility at scale. The Agile 2 team attempted to summarize these through its principles, but a very abbreviated summary is as follows. Note that these are considerably at variance with “old” Agile, but are well aligned with the “new” Agile that Agile 2 and many of the above authors advocate:
- The predominant forms of leadership are the most determinant factors of success.
- Someone usually needs to coordinate things, and be the organizer.
- On any team, one wants a “missionary, not mercenary”—someone who values the organization’s success first and foremost.
- There are many forms of leadership: team focused, advocate focused, technically focused, and maybe others; as well as individual leadership.
- The organization needs to explicitly focus on encouraging benign and effective forms of leadership, and take steps to avoid giving the wrong people authority—avoiding people who “seem like leaders,” and instead selecting (actively or passively) those who are the “missionaries” and the helpers.
- Leadership is needed at every level of an organization, and the same principles apply.
- Leaders of tech-focused organizations not only need to understand outcomes, but they also need to understand how the work is done, because the “how” is often strategic.
On a systems approach:
- Don’t be extreme, unless the situation is extreme.
- Always think holistically—in terms of the whole system.
- Product design is an essential element, apart from product implementation; yet the two are intertwined.
- Direct feedback from customers and stakeholders is the only way to measure success.
- Product implementation teams must be partners with business stakeholders—not mere order takers.
- Data is strategic, and it must not be treated as an afterthought.
- Collaboration is essential, but so is deep thought. People often need quiet and isolation in order to think deeply.
- People work, communicate, and collaborate best differently. A one-size-fits-all approach is not effective.
- Team autonomy is an essential aspiration; but for a complex endeavor, full autonomy is seldom fully realizable.
- Some people want to be experts. Some people want to be generalists. Some are in between. All are valuable.
- Both teams and individuals matter. Don’t over-emphasize one over the other.
- A team should collectively decide how to approach its work; but then individuals perform the work and interact as they need to.
- Transformations are mostly a learning journey—not a process change.
- Never use a framework as defined: treat it as a source of ideas—not an Agile-by-numbers process.
Agile is not a single theory or approach. There is great diversity of thought within the Agile community. When choosing consultants or an approach for adopting Agile methods, be thoughtful about who you choose. Ask yourself, are they interested in putting people on the ground to deliver a commodity service? Or are they deeply thoughtful about what they do, and represent mature and effective viewpoints? And will the people they provide be as up-to-date and astute about the nuances of old versus new Agile ideas as those who have had conversations with you? Because it matters.
Recently, I read an article titled, “Why Distributed Software Development Teams Work Infinitely Better”, by Boris Kontsevoi.
It’s a bit hyperbolic to say that distributed teams work infinitely better, but it’s something that any software development team should consider now that we’ve all been distributed for at least a year.
I’ve worked on Agile teams for 10-15 years and thought that they implicitly required co-located teams. I also experienced the benefits of working side-by-side with (or at least close to) other team members as we hashed out problems on whiteboards and had ad hoc architecture arguments.
But as Mr. Kontsevoi points out, Agile encourages face-to-face conversation, but not necessarily in the same physical space. The Principles behind the Agile Manifesto were written over 20 years ago, but they’re still very much relevant because they don’t prescribe exactly “how” to follow the principles. We can still have face-to-face conversations, but now they’re over video calls.
This brings me to a key point of the article: “dispersed teams outperform co-located teams and collaboration is key.” The Manifesto states that building projects around motivated individuals is a key Agile principle.
Translation: collaboration and motivated individuals are essential for a distributed team to be successful.
- You cannot be passive on a team that requires everyone to surface questions and concerns early so that you can plan appropriately.
- You cannot fade into the background on a distributed team, hoping that minimal effort is good enough.
- If you’re leading a distributed team, you must encourage active participation by having regular, collaborative team meetings. If there are team members that find it difficult to speak above the “din” of group meetings, seek them out for 1:1 meetings (also encouraged by Mr. Kontsevoi).
Luckily, today’s tools are vastly improved for distributed teams. They allow people to post questions on channels where relevant team members can respond, sparking ad hoc problem-solving sessions that can eventually lead to a video call.
Motivated individuals will always find a way to make a project succeed, whether they’re distributed, co-located, or somewhere in between. The days of tossing software development teams into a physical room to “work it out” are likely over. The new distributed paradigm is exciting and, yes, better – but the old principles still apply.
Organizations with internal cultures that are aligned with their strategies are far more effective than those without aligned cultures. Decades of data prove this. For example, over the last 50 years, culture specialist Human Synergistics has compiled data on more than 30,000 organizations and it clearly shows strong correlations between specific organizational culture attributes and business performance. Yet it is common for organizations to ignore culture when trying to implement their strategies.
Agile 2 is a more mature version of Agile, and it relies on having a supporting healthy culture. In fact, analysis that Agile 2 Academy has done with Human Synergistics shows that Agile 2 ideas strongly align with what Human Synergistics calls a Constructive culture, which is the most effective kind.
When an organization decides to adopt Agile 2 (or any Agile) methods, it is common to define a set of “practices” that development teams must follow. This is an essential step, but there are some great perils in assuming this approach is enough:
- Many, if not most, practices require people to learn new skills, make new judgments, and behave in new ways. Practices alone are not enough.
- Most of the obstacles to using Agile 2 (or legacy Agile) methods actually exist outside of the development teams. These obstacles are widespread and manifest as management behaviors, lack of supporting systems that Agile teams need, and processes and procedures that make it nearly impossible for teams to operate with agility.
Peril #1 means that people will not be able to execute the practices. They will “go through the motions”—but Agile 2 (agility) is, in its essence, a replacement of step-by-step processes with just-in-time contextual decision-making. If people follow practices and make poor judgments, then the organization will suffer from ongoing bad decisions and poor outcomes. But if the organization’s culture is one that encourages people to seek safety through following procedure, rather than relying on their judgment, then they will not be willing to make judgments: they will copy what others do, and perhaps do the wrong thing.
Peril #2, that most obstacles to agility originate from beyond the teams, is seldom appreciated by organizations beginning an Agile journey. Senior leadership often views Agile as something that development teams and individual contributors do. They don’t realize the extent to which Agile—having agility—relies on having the right support systems in place and the right kinds of leadership supporting the teams.
If the organization has a culture of hands-off leadership, then people who find themselves in a leadership role will not know how to behave when leadership is needed. For example, a common situation is when managers have learned the Agile practice that teams “self organize” but do not realize that that is just a placeholder or reminder. Most teams cannot self-organize well; they need leadership. Self-organization is an aspiration, not a starting point.
The need for leadership is even more acute when one has many teams, and they need to coordinate, and resolve issues such as “How will we design the product? How will we involve real users? How are we going to integrate? How will we manage quality? How will we support our product? How will we agree on branch and merge strategies for the product as a whole?”
When people in a non-Agile organization implement Agile practices, they look for a rule book or procedure to follow, because that is what they are used to, but there isn’t one. If you were to create one, it would not work everywhere, because every Agile decision and judgment is contextual. It always depends; that is what yields agility and makes it possible for people to select the shortest path for each situation.
The above are aspects of the organization’s culture: the ability to discuss issues openly and honestly so that they can be resolved, the willingness to take risks when making a decision, and the patterns of leadership that people have learned. There are many other dimensions of culture that are essential for agility, such as the inclination to learn, the tendency to try things on a small scale before scaling up, and the acceptance of things not going perfectly the first time.
As Peter Drucker said, “Culture eats strategy for breakfast,” and that certainly is true for Agile transformations. If you don’t address your organization’s culture, your agile strategy with its new practices will fail to yield the desired outcomes, and Agile will become a source of problems instead of a driving force for business agility. The good news is that culture can be changed, with the right commitment and the right approach. Agile 2 Academy considers culture improvement to be an important element in business agility. An Agile transformation strategy that includes analyzing and improving your organization’s culture is far more likely to succeed than simply adopting a set of agile practices or frameworks and hoping for the best.
 The best-selling book Accelerate documents research that makes this connection in the context of Agile and DevOps.
Did you know nearly 50% of the world‘s population uses social media platforms? Social media is far-reaching, powerful and has become a necessary component of everyday life. It has certainly changed many aspects of our day-to-day needs, from the way we keep up with the news to the way we interact with our peers.
At CC Pace, we strive to use social media to tell our story, share industry knowledge, and connect directly with our clients, prospects, candidates, and team members. You can find us on LinkedIn, Facebook, Twitter, and YouTube. Our goal with all of these platforms is to provide a way for our followers to relate to us on a more personal level. A goal that has become particularly important to us as we have been forced to relinquish our much-appreciated personal connections, and transition to this mostly digitally connected world we are living in.
While we work hard to keep you informed of all our news, offerings, job opportunities, and thought leadership we also like to focus on the human aspects of CC Pace. We recognize how important it is to be able to put a name with a face, and to share a story at a personal level, which is why we revamped our YouTube channel! Now, when you visit our YouTube channel not only are you able to watch a webinar, and learn more about what we do, but you can also hear directly from many of our team members, join in the fun and see the lighter side of CC Pace. We invite you to take a moment and explore what our YouTube channel has to offer and, if you like what you see, become a follower and subscribe!
Last month CC Pacers participated in a community outreach event to support Animal Friends – VA. Animal Friends – VA is a small local non-profit based out of Woodbridge, VA. They are a no-kill foster-based rescue organization dedicated to saving and finding homes for companion animals in our communities. Having been founded in 2015, Animal Friends – VA is an organization of volunteers who are dedicated to saving the lives of surrendered, abused, and neglected animals. The organization relies solely on generous donors and adoption fees to finance their operation. Although the COVID-19 pandemic has halted in-person adoption events, Animal Friends – VA has continued their mission to service neglected animals in the Northern Virginia area.
In support of this organization’s wonderful cause, CC Pacers collected a variety of items and donations. In total, CC Pacers donated dog beds, toys, crates, treats, and hundreds of pounds of dog food – amongst other items. In addition, CC Pacers also made direct donations to the Animal Friends – VA organization. In lieu of participating in in-person outreach events, CC Pace will continue to find new and creative ways to support our community. A big “Thank You!” to all of the CC Pacers who participated in this event!
Looking to get involved? Great news – there are many ways you can support Animal Friends – VA! Options to help include applying to adopt or foster, donating through their Amazon Wish List, or making a direct monetary donation. In addition, once in-person donation events resume Animal Friends – VA will be looking for volunteers for transports and to lend a hand at adoption events. To learn more about Animal Friends – VA, check out their website.
Meet Alyssa Stewart, Technical Recruiter who shares her journey this past year at CC Pace with us. Here she gives insight on her transition to this position, opportunities that have been presented to her, and her experience being part of the CC Pace family. We are so happy to have her on our team!
If you are interested in a new career with CC Pace, please check out our latest job postings. And we invite you to get social with us: follow us on LinkedIn, Facebook, Twitter and YouTube for the most up-to-date news, information and happenings at CC Pace!
I sincerely hope that you’ve been enjoying Mike Gordon’s recent posts on the changing landscape of banking in the digital world. (If you missed them, please bookmark this post and click this link to read them before continuing any further.) Mike has done a great job of outlining many of the macro-level changes afoot among the banking industry leaders, the innovators and the smaller local lenders as they respond to customer demands and competitive pressures in a time of rapid acceleration of mobile computing and personalization of services available in finance. Mike deftly explores how the responses may vary by institutional types along with his insights as to why the digital approach most often aligns with the customer population that typically defines their respective markets.
I recently ran across an excellent thought piece from Alex Johnson and Darryl Knopp of FICO, based on a session they presented (virtually, of course) at an American Banker’s Digital Banking 2020 conference in December and was struck by how well it complemented Mike’s posts at a more tactical and granular level. The executive summary of their session, entitled “The 11 Commandments of Digital Banking”, can be accessed here (Download Executive Summary). I think that you will agree that Alex and Darryl’s “commandments” are well reasoned and thought provoking in the way that they articulate the customer experience requisites of our times, well punctuated with humor and the obligatory TikTok reference our pop culture demands. Coupled with Mike Gordon’s overviews of the current landscape, these pieces give us a lot to think about how well we are doing with regard to transforming our own businesses to better serve our customers and keep up with the times.
Please drop in a comment to let us know how your own digital transformation is going. We would love to hear from you.
Last year, we worked with experts from George Mason University to build a COVID screening and tracing platform called Pass2Play. We used this opportunity to implement a Serverless architecture using the AWS cloud.
This video discusses our experience, including our solution goals, high-level design, lessons learned and product outcomes.
It’s specific to our situation, but we’d love to hear about other experiences with the Serverless tools and services offered by AWS, Azure and Google. There are a lot of opinions on Serverless, but there’s no doubt that it’s pushing product developers to rethink their delivery and maintenance processes.
Feel free to leave a comment if we’re missing anything or to share your own experience.
We would like to introduce Deepak Palanivelu to you. Due to Deepak’s positive experience with CC Pace as a contractor, he approached us regarding his desire for a permanent position. We jumped at the chance to bring him on as a full-time team member. Here Deepak shares his story of the whole transitioning and on-boarding process that took place for him to become a CC Pace employee.
Welcome to the CC Pace family Deepak!
It is pretty safe to say that, as we enter our 12th month of quarantining and the pandemic lifestyle, we are all experiencing COVID fatigue. So, rather than evoke a collective groan with yet another “here’s how to navigate the quarantine lifestyle” post, we have decided to try and lighten up the COVID experience a little with an entertaining review of how things have changed. So, without further ado, here is CC Pace’s What’s In and What’s Out list! Take a look and please let us know if there is anything we missed on our list – enjoy!
|Out|In|
|---|---|
|Conference calls|Teams meeting with fun together modes|
|Short emails with one question|Slack or DMs|
|Team lunches|Door Dashed lunch|
|Phone calls|Video Calls|
|Lengthy in-person meetings|Emails with bullet points and lists|
|Book Clubs|Netflix recommendation discussions|
|Company outings|Online Trivia games|
|Commuting to work|Signing into Teams app or Zoom|
|Printer jamming|Internet connection issues|
|Office inside jokes|Company memes|
|Alcohol shots|Vaccine shots|
|Starbucks|Expanding your Keurig coffee selection|
|“You’re on Mute”|Awesome virtual backgrounds and cameo family member sightings during virtual meetings|
|Juggling kids activities to keep them entertained|Juggling kids online class schedules|
|Happy Hour at the local bar|Personal booze stockpiles|
|Business attire|Sweats, yoga pants and pjs|
|Workplace status quo|Angling your camera just right to ensure your PJ pants are not visible during your Teams meeting|
|Dry Cleaners|Never ending laundry piles|
|Lunch hour errands|Walking your dog 4 times a day|
|Hanging out at the water cooler|Never ending group chats|
|Picking up something for dinner|Cooking at home and getting your Michelin star rated Chef groove on|
|Airpods|Noise Canceling Headphones|
|High Heels and dress shoes|What are shoes?|
|Talking over a cube wall|Stalking co-worker’s availability status on Teams|
|Office floorplan|Makeshift home offices on kitchen counters|
|Grabbing something from the vending machine|Rummaging the fridge and/or pantry|
Small and medium sized companies are trying to return to “normal.” This short blog by guest blogger, Dr. Amira Roess, provides some guidelines. Dr. Amira Roess is a Professor of Global Health and Epidemiology at George Mason University.
It’s not going to be easy, and we may not get back to a pre-COVID workplace for another few years, but it can be done.
A critical factor is employee peace-of-mind. There are three actions an employer can take to ensure employee peace-of-mind:
- Take steps to prevent employees that may be infected from coming to work (i.e. Daily Symptom and Exposure Screening)
- Take steps to remove opportunities to become infected in the workplace (i.e. workplace hygiene and air flow)
- Take steps to rapidly remove employees who have been exposed from the workplace (i.e. Accurate and Rapid Contact Tracing)
Daily Symptom & Exposure Screening apps provide a simple way for employees to check their symptoms. The questions on the screening app should be curated by an epidemiologist based on the latest scientific findings from the Centers for Disease Control and Prevention (CDC) as well as other credible sources.
An app that automatically sends daily reminders and/or alerts to employees to complete the screening can reduce the workload in managing the process.
Workplace hygiene must be maintained. Employees must avoid using other employees’ phones, desks, offices or other work tools and equipment, when possible. If you cannot avoid using someone else’s workstation, clean and disinfect before and after use.
Clean and disinfect frequently touched objects and surfaces, like workstations, keyboards, telephones, handrails and doorknobs. Dirty surfaces can be cleaned with soap and water before disinfection. Choose the right disinfectant for your surface from EPA’s List N: Disinfectants for Coronavirus (COVID-19).
Wear a mask in all shared spaces, especially where staying 6 feet apart (about two arm lengths) is not possible. Interacting without wearing a mask increases your risk of getting infected. Note: wearing a mask does not replace the need to practice social distancing.
Employees should wash hands often with soap and water for at least 20 seconds or use hand sanitizer with at least 60% alcohol if soap and water are not available. If your hands are visibly dirty, use soap and water over hand sanitizer.
All medical professionals know to avoid touching your eyes, nose and mouth if you haven’t washed your hands.
Employees must remember to cover mouth and nose with a tissue when coughing or sneezing, or use the inside of your elbow. Throw used tissues into no-touch trash cans and immediately wash hands with soap and water for at least 20 seconds.
Indoor spaces should be evaluated to ensure that maximum airflow is supported. High quality portable HEPA filters can provide an additional layer of protection.
Contact Tracing is very important. Should any employee find out that they are positive for COVID, anybody that was exposed (i.e. more than 15 minutes in less than 6 feet proximity) should be notified and instructed to quarantine immediately.
Here is a link to the CDC website with Quarantine instructions. https://www.cdc.gov/coronavirus/2019-ncov/if-you-are-sick/quarantine.html.
It is strongly recommended to use an automated Contact Tracing system to get accurate time and distance between employees. These systems can also identify where workplace operations result in unintended congregation.
CC Pace has teamed up with George Mason Professors, Dr. Roess and Dr. Lance Shirley, to create Pass2Play.
Pass2Play is a combined Daily Symptom & Exposure Screening and Contact Tracing App that is designed to Provide for Employee Peace-Of-Mind, Ensure Employee Health & Safety, and Maximize Workspace Uptime.
For a demo and purchase: firstname.lastname@example.org
A look at Agile 2’s values and why we need both sides of the coin to create value.
While the values of the original Agile Manifesto have helped shift the way software is developed today, how they should be applied is very much left to the interpretation of the individual applying them. This interpretation can often be dogmatic, focusing solely on the items on the left, sometimes to the total exclusion of those on the right, even though the Manifesto clearly states, “That is, while there is value in the items on the right, we value the items on the left more.”
Agile 2 consists of six values and 43 principles. It comprises a deep and nuanced set of ideas, and all of its ideas are supported by the thoughts that led to them. In this article I am going to provide a view into Agile 2’s six values and why we chose the word ‘and’ instead of ‘over’. Agile 2 seeks a balance of both the left and the right, both are needed, and both are useful. Also, Agile 2 seeks to speak to a broader range of activities beyond only software, including product development in general, and in fact any collaborative human endeavor.
The Values of Agile 2
Let’s take a look at them one by one.
1. Thoughtfulness and Prescription
Frameworks are good and useful. They often give us a place to start and help us to solidify an approach. But they should not be followed blindly without considering your own context – where are you and what can and can’t you do in the context of your organization. Many variables are at play to construct the perfect environment for a framework to succeed, including organizational structure, culture, compliance regulation, and leadership support to name a few. A practice that is best for one organization may not be the best or have a chance of succeeding in another. That is not to say that you can’t move towards an ideal, but it very often isn’t the place you can start.
This contextual variability is why thoughtfulness is essential when applying a framework, or any practice or methodology. However, there are cases when one should start with a well-defined practice and follow it precisely. For example, if one is replacing a component of a complex machine, such as a blade on a jet engine, following procedure is often essential for ensuring that it is done right. Lives and safety might depend on following the procedure rather than improvising.
Still, judgment is sometimes required. Surgeons often have procedures for specific types of operations, but they need to be able to improvise, using their own judgment, when things do not proceed as expected; their experience and judgment are key, and the patient’s life might depend on it.
There is a place for prescription; and there is a place for thoughtfulness. Knowing the right balance is a matter of context.
2. Outcomes and Outputs
In the course of product development, outputs are the things that get produced by the development teams. These are usually design artifacts: digital files that define the product and its fabrication (hardware) or deployment (software).
Outputs are important – they help us measure our progress using metrics such as the team’s throughput, number of defects, quality of the software etc. These are mainly what you might call activity-based measures. But ultimately, we are building products or creating a service for our customers using Agile to achieve some business outcome. Sure, the customer will care about the quality, no one wants a product that is not stable, and the organization may not achieve its revenue target or market share if the product is not released on time. But the product also needs to be what the customer wants and will use. It must be the right product and someone or some group needs to be accountable for directing that vision to achieve the desired outcome, which is the true measure of success for the organization.
So, outputs matter: they are essential elements of any process; but they are not the end goal. The end goal is the outcome.
3. Individuals and Teams
We often hear there is no ‘I’ in ‘Team’ and much of what is written about Agile is written regarding the practices of the team. Teams are necessary to accomplish much of what we do, as no one person has the knowledge or capacity. But Agile often advocates for the team’s preference over the preference of the individual, be it with team norms, communication style, and even the team environment. This can be to the detriment of the individual, which can then cascade into the detriment of the team reaching its goals.
Balance is needed so as not to stifle creativity or alienate team members simply because they do not think, learn, or process information in the same way. It is necessary for teams to have norms but sometimes allowing someone to operate outside of the majority’s norm is needed too to accomplish the team’s goal.
4. Business Understanding and Technical Understanding
We often hear that business is the driver, and that technology is the enabler, that the business is responsible for the “what” and that IT is responsible for the “how”. This thinking has led to many structures where development teams are led by product managers who have a great understanding of their domain but very little understanding of how it will be implemented and vice versa. But knowledge of both is necessary to make optimal decisions.
Technical decisions have financial and future business impact, and business decisions have financial and future architectural impact. Not every person can have a deep understanding of both, but they should not entirely shift the accountability of understanding to someone else. Instead, they should seek to understand as much as possible and collaborate closely.
5. Individual Empowerment and Good Leadership
Self-organizing teams is one of the first things people often talk about when discussing Agile. Two of the principles behind the original Agile Manifesto state:
“Build projects around motivated individuals. Give them the environment and support they need and trust them to get the job done” and
“The best architectures, requirements, and designs emerge from self-organizing teams.”
These are often translated into “leave the teams alone and don’t tell them what to do”. Yet not all teams are ready for that level of autonomy and authority.
Empowering teams, or individuals for that matter, is a great motivator. It can bring about better outcomes, and it can help to build future leaders within the organization. But to empower people without some level of supportive leadership and assessment is to set them adrift. Borrowing from a talk by former Captain David Marquet, teams need to have clarity of purpose to set direction, and competency, the capability and skills necessary to get the job done. Good leadership will assess the level of oversight and direction that the team needs and help them navigate while teaching them how to make good decisions on their own.
6. Adaptability and Planning
One of the original values of the Agile Manifesto contains the phrase “…responding to change over following a plan”. I do not think anyone would disagree that planning can be useful, or that adapting the plan would be a good idea if a significant change would otherwise cause the goal to not be achieved. The point is that both the act of planning and the ability to adapt that plan are valuable.
The planning in and of itself helps us to think through the variables that would have us choose one option, course of action, timeline, etc. over another. It helps us think through the constraints we must work under and the risks we face if we come up against them. Keeping these things in mind with respect to what is occurring while executing the plan gives us useful information we can use to adapt the plan for a better outcome.
Both sides of the coin, heads and tails, are necessary to create value. Agile 2 believes that both sets of values are necessary to achieve agility. Balance is needed, as is consideration for the context of your situation, when applying practices that might favor one over the other. I do not believe the Agile Manifesto meant to imply only one side of the coin either; I believe that the word ‘over’ has led to misinterpretation and rigidity in how it is applied. I could be wrong in my view and understanding also. Therefore Agile 2 has provided interpretation and insight as to how the values were derived, so as not to be misinterpreted. There is a lot of thought and experience behind them from the original authors. However, we expect Agile 2 to evolve and develop with input from the community. We hope that you take some time to review Agile 2 and add to the ideas and content that comprise it.
Our Working with CC Pace series introduces Holly-Ann Morton, a Consultant. Holly-Ann reveals details on how she was impressed that her CC Pace recruiters stayed in touch from their first interaction, and really took the time to understand her needs and skillset. Through this open dialogue with her recruiting team, Holly-Ann was able to find her next position with CC Pace, and went into her new role with confidence. Watch her video testimonial and see if this type of working relationship sounds good to you as you seek a new opportunity. If it does, then be sure to check out our latest openings!
CC Pace was recently featured in Agile Uprising’s Blog series. Agile Uprising is a network that is focused on the advancement of the Agile mindset and professional networking between leading Agilists. For the blog, CC Pace created a short video in which we highlighted one of our latest projects! Bobby Pantall, CC Pace Lead Technology Consultant, speaks to our experience building an app for a startup company named Twisty Systems. The app is a navigation app aimed at driving enthusiasts. In the video we describe the framework of the Lean Startup methodology and some of the highs and lows in the context of the pandemic and releasing a new app.
Enjoy and please share your thoughts on this project!
Curious what it is like to work with CC Pace? Shaheen Hossain is an Agile Coach for CC Pace, and in this video he shares with us his journey from his first interactions with CC Pace leadership through his full experience with our recruiting team. Watch his video testimonial, and if it sounds like the right environment for you and you want to explore joining our team… click here!
It’s an understatement to say that 2020 has been a challenging year. In the midst of a pandemic, CC Pace has been celebrating a milestone anniversary of 40 years in business! To celebrate, we decided to host a 40th Anniversary Community Outreach Challenge. The pandemic has certainly highlighted the need for community service and outreach, so we in turn challenged our employees to go out and make a difference in their communities!
Despite the challenges COVID-19 presented, CC Pacers continued to show overwhelming support in a variety of ways by donating masks to those in need and supporting organizations close at heart. In addition, CC Pace held a company-wide food drive in support of the Lorton Community Action Center, where together our team donated close to three hundred pounds of food!
In total, CC Pacers donated directly to 10 different organizations, including two universities, two animal shelters, and multiple local and national non-profits all over the country. And, while some took a more traditional approach, others found creative ways to make a difference. For example:
- Donating 40 handmade masks made by an employee and their spouse.
- Committing to perform 40 acts of kindness throughout the year.
- An avid coin collector on our team decided to sell one of his coins from 1940 and donate the proceeds directly to charity.
- Conducting and donating 40 hours of Agile Trainings as a fundraiser to the Los Angeles Telugu Association. The proceeds from those trainings, which totaled about $22,000, were given to promote community activities, art and culture.
Wow! Well done everyone! A big “Thank You” to all of our CC Pacers for giving back in so many creative ways! Happy 40th Anniversary CC Pace – here’s to 40 more!
If you would like to learn more about any of the organizations CC Pacers have supported this year, please visit the links provided:
- Houston Diaper Bank https://houstondiaperbank.org/donate/
- WolfTrap Animal Rescue https://www.wtarescue.com/support-us
- Fairfax County Animal Shelter https://www.fairfaxcounty.gov/animalshelter/getinvolved
- Shelter House https://shelterhouse.org/get-involved/
- Give Essential https://www.giveessential.org/help
- Capital Area Food Bank (feeding America) https://www.capitalareafoodbank.org/how-to-help/
Welcome to our last blog in our 40 Years and Forward series, where we introduce you to 40 Fun Facts about CC Pace! In this blog series we have taken a stroll down memory lane looking at how CC Pace started and has evolved, as well as what makes our corporate culture unique. Now we ask you to discover 40 Fun Facts about us from the last 4 decades as we share some fond memories, interesting tidbits, and laughs!
We would like to say to all our clients, friends and colleagues who have worked with and supported CC Pace over the years a heartfelt Thank You! We are very excited to see what the future holds as we move forward on our journey!
As 2020 has unfolded, our development team has been working on a brand new app: Pass2Play! Check out the video below to see all of its features and capabilities!
To learn more about Pass2Play click here!
It is almost a certainty in years to come, that we will all recall that period in March 2020 when everything started closing down due to COVID-19. The weeks leading up to this time we kept hearing more about this mysterious virus and the awful effects of it. As a result, many of us started preparing for the possibility that we ourselves would be quarantined for a couple of weeks. Fast forward to November 2020 and here we are, still in quarantine as states continue to figure out the best and safest ways to reopen.
Prior to the COVID lockdown, we here at CC Pace would have never imagined that we could transition our entire workforce to go 100% remote overnight, and much less do it seamlessly – but that is exactly what we did! Our entire staff has effectively been working remotely for 8 months, thanks in big part to our technology group who had already transitioned the bulk of our storage to the cloud, and had implemented Microsoft Teams for more successful and personal communications among our employees.
When the CC Pace team transitioned to full work-from-home status overnight we didn’t let quarantine affect our productivity nor the quality of our work. We hit the ground running and have not stopped. If you were to ask us how we did it, we would have to say that the key has been communication. Our team has adjusted and embraced new modes of communication: Meetings – join us in Teams, chats – ping me whenever, kudos – keep them coming, file sharing – here’s the link, screen sharing – take a look at this, all of this along with video calls have helped us to stay in touch and most importantly stay connected! (Of course, a few virtual happy hours and events have helped too!)
It’s this level of adaptability and agility that has brought us our success. Seeing our team continue to produce and develop superior results only confirms what CC Pace has always stood by: our people are our most important asset! #staysafe
In the first installment of our Product Owner Empowerment series, we talked about the three crucial dimensions of knowledge that a Product Owner’s effectiveness is measured on. We looked at how various aspects of empathy influence a Product Owner’s ability to connect with the team, client and organization in our second post. In our third and final post in this series, we are going to look at the impact that psychological safety has on a Product Owner’s success.
Psychological Safety: Psychological safety is a state of mind and a cultural aspect that is created and fostered by someone or something other than the subject themselves. When people in the organization are afraid to make difficult choices and shy away from having tough conversations, it is generally due to a lack of psychological safety. Various factors contribute to how safe people feel psychologically in an organization. Empathy, as discussed above, at all levels plays a big role in this. If the culture, in general, is more empathetic, there will be a higher level of psychological safety. However, it is not the only factor. Let’s dig a little deeper into this factor and see how a PO’s success is tied to psychological safety for themselves and the teams they are working with.
- Psychological Safety for Teams: In the case of teams, it is usually the leaders that are responsible for ensuring that team members feel psychologically safe to work in challenging situations with often unpredictable outcomes. Agile requires teams to be flexible and collaborative in their approach to address the ‘just-in-time’ nature of work. Innovation, exploration, and taking risks is a necessity to succeed in such an environment. This comes with the possibility of teams running into occasional failures that should be treated as learning opportunities. But, if the organizational culture is not forgiving of failures, it leads to teams not feeling safe enough to take the risks and challenges they may need to, to optimize value delivery. Leaders should actively address the topic of psychological safety and ensure that they foster a culture that encourages innovation and taking calculated risks.
- Psychological Safety for the Product Owner: The Product Owner is in a unique position, having a tremendous influence on a team’s psychological safety, but in turn is equally or proportionally affected by the psychological safety afforded to them by their leadership. A Product Owner who is well engaged with the team will need to make decisions regarding priority, scope, and timelines. An empowered Product Owner will be able to make such decisions with appropriate communication, keeping the team working at a sustainable pace. However, we often see organizations where such pivots must go through multiple levels of approvals, often surrounded by process constraints and red tape. This causes the organization to see change as undesirable, and anyone bringing the change is viewed as the bearer of bad news.
Having leadership that welcomes change is key to providing psychological safety to the Product Owner and the team. It is not sufficient for leadership to merely say that they support and welcome change. They need to look at systemic and cultural aspects of the organization that might be working against this mindset and actively work to realign them to an Agile way of working. It may not be the norm in some organizations to have leadership unsupportive of change, but a delay in the ability to pivot can lead to periods of unsustainable workload on the team while the Product Owner is negotiating upwards. To truly support psychological safety, allowing for making difficult choices and having tough conversations, organizations need to embrace decentralized decision making and empower the Product Owner and teams as much as possible.
I hope you enjoyed this series. Throughout these three posts, we explored various factors that impact the ability of a Product Owner to work effectively in their role and serve the purpose they are meant to. They must be empowered with knowledge of not just the business domain, but also the delivery and process knowledge to successfully operate in the organizational context. Empathy at different levels of the organization and towards the customer, whether they are internal or external, is crucial to move the product in the right direction. Psychological safety is often an unmeasurable and underlying factor that should be proactively managed by leadership and ingrained in the culture and processes of the organization to truly empower their Product Owners.
As a final thought, if you’ve enjoyed this series or have additional questions on how to truly empower your Product Owners, join me for a FREE webinar on Product Owner Empowerment. We have a few seats available (on a first-come basis) and invite you to register today.
In my previous blog, I highlighted that different banking “personas” have differing goals with respect to digital banking. The large, national financial institutions envision digital banking as being a fundamental competitive differentiator they need to continuously build upon. The smaller community banks and credit unions are looking to continue to provide an attractive, local alternative like they have done in the past, while meeting the growing digital requirements within their budget constraints. Meanwhile, new, online-only entrants are making a bet that their future banking clientele do not require any physical presence, particularly in the millennial market.
This blog delves deeper into the strategies and tactics being deployed by the first group, the large national players. With the financial wherewithal to invest in new technology, these institutions strive to provide the widest array of banking options and features to attract and retain customers, while also improving efficiencies within their companies.
As early adopters of online and mobile banking services, the national banking institutions enjoyed an advantage over their smaller competitors when the pandemic hit and physical access to bank branches became limited. Not surprisingly, the J.D. Power 2020 Retail Banking Satisfaction Study found that these large financial institutions had both a greater penetration of digital customers and a higher customer satisfaction index among their customers, using more advanced online and mobile capabilities to achieve this advantage while increasing revenues, managing costs and improving service.
Many large national banks have increased revenues and grown market share largely by focusing on customer experience as an essential component in attracting clients from large and small competitors alike. By increasingly using human-centered design techniques and mobile banking services to tailor technology to the needs of the customer base being served, these banks have rolled out highly effective online and mobile platforms that leave customers feeling good about their experience. This approach often includes faster onboarding, simplified payment processing, and easier access to account and transaction information with digital signatures and mobile check deposits reducing the need to come to a branch to create a new account or conduct many common transactions.
Reducing foot traffic into branches has not reduced the ability to grow revenues by selling more products, however, as the national players have increasingly leveraged artificial intelligence to mine their data to determine which customers are likely candidates to purchase certain products, and then following up with targeted online marketing campaigns to promote those products and make signing up quick and easy via online banking.
Despite the obvious technology costs of deploying digital banking capabilities, the large players have found ways to use digital banking to reduce two of their largest expenditures: labor costs and fraud losses. Like most companies, the largest expense for a bank is their human capital costs. Technology has successfully enabled the large financial institutions to serve more customers with fewer employees.
Using robotic process automation, more and more activities previously performed manually by bank staff are now computerized. Chatbots and Voice Assistants are also being used to allow customers to get answers to questions or to process certain transactions with less need for interaction with a human employee. As an example of the magnitude of this labor cost reduction, in an interview with CNBC in October 2020, Brian Moynihan, CEO of Bank of America (BofA), stated that through the adoption of technology, BofA has reduced its workforce in the past decade from 288,000 people to 204,000, a 29% decrease.
While the increased use of digital banking has led to efficiency in bank operations, it has also increased the risk of bank fraud. Online and mobile banking provide new gateways for criminals to defraud businesses and consumers. Fortunately, artificial intelligence and machine learning platforms have provided a means to combat these criminal activities and reduce the losses associated with bank fraud. As the sophistication of these systems has grown, they have become more equipped to recognize emerging trends and behaviors to identify additional transactions of concern. In the past, one common mechanism to mitigate risk of a potentially fraudulent transaction was to simply deny an application. Today, using artificial intelligence, fraud losses are being mitigated with less impact to approval rates.
Finally, with respect to improving service, a growing trend particularly popular among younger customers is the concept of digital self-service. Self-service is the ability for customers to get answers to questions and process transactions without the need to wait for a service representative to help them. According to Salesforce’s “State of the Connected Customer”, 59% of consumers and 71% of business buyers say self-service availability positively impacts their loyalty.
Features like Frequently Asked Questions (FAQs), videos about banking products, or financially-related knowledge articles have been added to bank websites and mobile apps as part of this self-service. Combined with Chatbots and Voice Assistants mentioned above, customers are now getting the answers they are looking for much quicker than they were when waiting for a customer service representative on the phone.
These digital banking technology investments have provided the large financial institutions a strategic advantage over their smaller, less well-heeled competitors. So, what are these community banks and credit unions doing to counter this advantage? Stay tuned for my next blog in this series.
In the first installment of our Product Owner Empowerment series, we talked about the three crucial dimensions of ‘Knowledge’ that affect a Product Owner’s effectiveness. This post is going to take a deeper dive into the impact Empathy has on a Product Owner’s ability to succeed.
Empathy: Assuming positive intent, empathy is something that comes naturally to a person. However, environmental factors can influence a person’s ability to relate or connect with another person or team. Let’s explore some aspects of empathy and how they may impact a Product Owner’s success.
- Empathy towards the team(s): To facilitate an empathetic relationship between a Product Owner and the team, the PO must be able to meet the team where they are (literally and figuratively). Getting to know the team members and building a rapport requires the Product Owner to extensively interact with the team and proactively work to build such relationships. Organizations should facilitate this by making sure Product Owners are physically located where the team is and are empowered to not only represent the team to the business but also play the role of protector from external interruptions, so that the team can function effectively. As alluded to above, having a good understanding of what it takes to deliver helps tremendously with the ability to place themselves in the team’s shoes and see things from their perspective.
- Empathy towards the customer(s): It is easy to assume that a Product Owner acting on behalf of the business will automatically have empathy and an understanding of their needs to adequately represent their business interests. However, organizational culture can sometimes influence how a Product Owner prioritizes work. If it is only the sponsors directing the team’s scope and prioritization, a critical element of customer input is missed. Product Owners should place sufficient emphasis on obtaining customer opinion and feedback to inform the direction of product development.
- Empathy in the Organization: This factor relates to the organizational culture. As companies embrace Agile and expect its benefits to be equally realized, more emphasis on the desire to be lean begins to form. While being lean is a goal every organization should have, it is important to understand what kind of impact a lean organization has on individual teams or team members. A systemic push to be lean, in combination with less than optimal Agile maturity and the presence of antipatterns, can lead to teams being held against unsustainable delivery expectations. This problem is more common than you would think. Most organizations are going through some level of Agile transformation, but leadership expectations of benefits realization are always a few steps ahead of where the organization truly is on the Agile journey. Having the right set of expectations and the empathy necessary to reset them based on continuous learning and feedback is needed at an organizational level.
Check back next week to see how a Product Owner’s success is tied to psychological safety for themselves and the teams they are working with.
If you are a Product Owner or your Agile team struggles with this role, you won’t want to miss our upcoming webinar on Product Owner Empowerment. This webinar will be held on December 15th and you can register today here! Space is limited and on a first-come basis.
The Product Owner plays a crucial role in the success of a team and subsequently the organization. Most organizations consider the Product Owner to be a person with sufficient business knowledge such that they can communicate the business needs to the teams for implementation. While this is an important qualifier for a Product Owner, other factors must be present to have a truly empowered Product Owner.
The following 3 factors have the biggest impact on a Product Owner’s ability to succeed:
- Knowledge
- Empathy
- Psychological Safety
These factors are not just applicable to the Product Owner, but also the surrounding environment. This includes the organization, processes, culture, teams, the product itself, stakeholders, and customers. Let us dig a little deeper.
In this post, we are going to focus on the first influencer: Knowledge. Next week, we’ll take a deeper dive into the impact Empathy has on a Product Owner’s ability to succeed, and we’ll round out the series with defining Psychological Safety and looking at the effect it has on a Product Owner.
Knowledge: The knowledge aspect is the most obvious and widely analyzed and assessed factor to evaluate the effectiveness of a Product Owner. However, there are several dimensions of knowledge that are required.
- Domain Knowledge: This dimension doesn’t need explaining and is probably the most obvious one of all. The Product Owner must have a good understanding of the domain they are working in, to effectively lead product development. While it may seem comfortable to assume that industry-wide it is common practice to have Product Owners with sufficient domain knowledge, some Agile antipatterns have led to the emergence of roles such as proxy Product Owner, or technical Product Owner. The primary culprit for organizations gravitating to this antipattern is a lack of understanding of the Product Owner’s role. Organizations assume that as long as there is a communication path to transfer the business needs to the teams, it is ok to have layers between the customer and the team. This creates dysfunction in Agile teams that are supposed to collaborate with the Product Owner in discovering and delivering value, but don’t have an empowered Product Owner who can make decisions and pivot when needed effectively.
- Process Knowledge: A PO’s knowledge and understanding of the Agile approach, best practices, and antipatterns usually takes a back seat. To clarify, we are not talking about just having your PO take a 2-day certification class and calling it a day. Yes, it is necessary to have formal learning as part of role development, but the learning should not remain at this minimal level. An effective Product Owner should have lived the process and learned from the challenges, successes, and failures, so they understand what it takes to deliver the product they are helping build.
- Knowledge of the PO role across the organization: We talked about knowledge that a PO should have, but to have a truly empowered Product Owner, an organization needs to know what to do with such a role. As mentioned before, a Product Owner role is different from a mere subject matter expert. To empower a Product Owner to make decisions, the organizational stakeholders need to understand how the Product Owner role works in an Agile context. Product Owners are not only the primary source of information on business needs for the team but are also one of the key roles influencing the pace of value delivery.
If the organization doesn’t understand what it takes for an Agile team to receive business needs Just-in-Time, iterate on requirements, let design emerge, deliver value and allow for slack time and innovation, it will make a Product Owner’s job quite difficult if they are still held to traditional expectations from leadership. These expectations may include providing inflexible delivery commitments, obtaining buy-in from a myriad of stakeholders before any scope changes are made, or worst of all, ensuring maximized utilization from the team. The organization’s stakeholders must be trained and knowledgeable about the basics of Agile if they are new to this way of working. Additionally, leadership must know the common pitfalls, assumptions, and antipatterns that organizations fall into and actively work to avoid or mitigate them.
If you are a Product Owner or your Agile team struggles with this role, join me for a free webinar on Product Owner Empowerment. This webinar will be held on December 12th and you can register here! Space is limited and on a first-come basis.
Agile 2 is here!
I was fortunate to be included in a group of exceptional Agile leaders and practitioners, led by Clifford Berg, to retrospect on Agile and improve upon what it has become over the last 20 years. Each of us began by citing issues and problems we have encountered over the years, drawing on our unique experiences. Not all of us experienced the same issues, but it was eye opening to discover what others came up with because of the diversity of the group both in practice and expertise.
We then discussed why we felt the problems occurred and what could be done to change them. This led us to revisiting the values and principles of the Agile Manifesto and many of the frameworks we use today. While I am vested in many of these, having become certified in them myself and trained others on them as well, I have seen where lack of clarity or difference of interpretation, as well as too much emphasis placed on prescription, leads to less than successful outcomes.
It is this clarity and thoughtfulness that Agile 2 seeks to deliver. It is a set of values and principles based on common problems that we believe will resonate with you, the Agile practitioner. My colleagues and I are proud of Agile 2 and the potential impact we believe it can have on the current state of Agile. Have we gotten it all right? Undoubtedly there is room for debate. Have we missed some valuable principles? Perhaps. And that is why we want Agile 2 to be open to ideas from the community, and there will be an Agile 2 version 1.1. We respect and welcome your input and ideas. We want Agile 2 to be constantly improving on what it is today so that it stays relevant. There will be Agile 2 community forums, and to begin that, there is a LinkedIn group. A book is on the way. The Agile 2 website is at https://agile2.net. Check it out!
In the previous blog, I provided insights on what ZTA is, what its core components are, why organizations should adopt ZTA and what the threats to ZTA are. In this blog, I will go through some of the common deployment use cases/scenarios for ZTA that use software defined perimeters and move away from enterprise network-based perimeter security.
Scenario 1: Enterprise using cloud provider to host applications as cloud services and accessed by employees from the enterprise owned network or external private/public untrusted network
In this case, the enterprise has hosted enterprise resources or applications in a public cloud, and users want to access those to perform their tasks. This kind of infrastructure helps the organization provide services to users at geographically dispersed locations who might not connect to the enterprise owned network but could still work remotely using personal devices or enterprise owned assets. In such cases, access to enterprise resources can be restricted based on the user identity, device identity, device posture/health, time of access, geographic location and behavioral logs. Based on these risk factors, the enterprise cloud gateway may wish to grant access to resources like employee email service, employee calendar, employee portal, but may restrict access to services that provide sensitive data like the H.R. database, finance services or account management portal. The Policy Engine/Policy Administrator will be hosted as a cloud service which will provide the decision to the gateway based on the trust score calculated from various sources like the enterprise system agent installed on devices, CDM system, activity logs, threat intelligence, SIEM, ID management, PKI certificates management, data access policy and industry compliance. The enterprise local network could also host the PE/PA service instead of the cloud provider, but it won’t provide much benefit due to an additional round trip to the enterprise network to access cloud hosted services which will impact overall performance.
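The decision described in Scenario 1 can be sketched as follows. This is an added example, not code from the ZTA project or from NIST; the weights, thresholds, country list and business hours are constructed assumptions, since the post names the risk factors but gives no numbers.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed values (assumptions): the post gives no weights or thresholds.
ALLOWED_COUNTRIES = {"US", "CA"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))
MIN_SCORE = {  # minimum trust score the gateway requires per resource
    "email": 40, "calendar": 40, "employee_portal": 50,
    "hr_database": 80, "finance_services": 80, "account_management": 85,
}
DECISION_LOG = []  # the Policy Engine logs every decision it makes


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    authenticated: bool        # user identity verified
    mfa_passed: bool
    agent_installed: bool      # enterprise system agent present on the device
    device_healthy: bool       # device posture/health
    country: str               # geographic location
    local_time: time           # time of access
    anomalous_behavior: bool = False  # signal from behavioral logs / SIEM


@dataclass(frozen=True)
class Decision:
    allow: bool
    score: int
    required: Optional[int]
    reasons: tuple


def trust_score(req):
    """Return (score 0-100, reasons) for one request."""
    if not req.authenticated:
        return 0, ("identity not verified",)
    score, reasons = 30, ["identity verified +30"]
    start, end = BUSINESS_HOURS
    factors = [
        (req.mfa_passed, 20, "MFA passed"),
        (req.agent_installed, 20, "enterprise agent on device"),
        (req.device_healthy, 15, "device posture healthy"),
        (req.country in ALLOWED_COUNTRIES, 10, "expected location"),
        (start <= req.local_time <= end, 5, "usual access time"),
    ]
    for present, weight, label in factors:
        if present:
            score += weight
            reasons.append(f"{label} +{weight}")
    if req.anomalous_behavior:
        score -= 40
        reasons.append("behavioral anomaly -40")
    return max(0, min(100, score)), tuple(reasons)


def decide(req):
    """Policy Engine decision for the gateway: default deny, per-resource threshold."""
    required = MIN_SCORE.get(req.resource)
    score, reasons = trust_score(req)
    if required is None:
        reasons += ("unknown resource: default deny",)
    decision = Decision(required is not None and score >= required,
                        score, required, reasons)
    DECISION_LOG.append((req.user, req.resource, decision))
    return decision


if __name__ == "__main__":
    # Constructed request: personal device, MFA passed, expected location and time.
    byod = AccessRequest("alice", "hr_database", True, True, False, False,
                         "US", time(10, 0))
    print(decide(byod))
```

With these constructed numbers, the same user on a personal device reaches email but not the H.R. database, which is the split the scenario describes.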
Scenario 2: Enterprise using two different cloud providers to host separate cloud services as part of the application and accessed by employees from the enterprise owned network or external private/public untrusted network
The enterprise has broken the monolithic application into separate microservices, or components hosted in multiple cloud providers even though it has its own enterprise network. The web front end can be deployed in Cloud Provider A, which communicates directly to the database component hosted in Cloud Provider B, instead of tunneling through the enterprise network. It is basically a server-server implementation with software defined perimeters instead of relying on enterprise perimeters for security. The PEPs are deployed at the access points of web front end and database components which will decide whether to grant access to the service requested based on the trust score. The PE and PA can be services hosted either in cloud or other third-party cloud provider. The enterprise owned assets that have agents installed on them can request access through PEPs directly and the enterprise can still manage resources even when hosted outside the enterprise network.
Scenario 3: Enterprise having contractors, visitors and other non-employees that access the enterprise network
In this scenario, the enterprise network hosts applications, databases, IoT devices and other assets that can be accessed by employees, contractors, visitors, technicians and guests. Assets like internal applications and sensitive data should only be accessed by employees, and visitors, guests and technicians should be prevented from accessing them. The technicians who show up when there is a need to fix IoT devices like smart HVAC and lighting systems still need to access the network or internet. The visitors and guests also need access to the local network to connect to the internet so that they can perform their operations. All of these situations can be handled by creating user and device profiles and installing enterprise agents on systems to prevent network reconnaissance/east-west movement when they are connected to the network. The users, based on their identity and device profile, will be placed on either the enterprise employee network or the BYOD guest network, thus obscuring resources using the ZTA approach of SDPs. The PE and PA could be hosted either on the LAN or as a cloud service based on the architecture decided by the organization. All enterprise owned devices that have an installed agent could access through the gateway portal that grants access to enterprise resources behind the gateway. All privately owned devices that are used by visitors, guests and technicians, employee owned personal phones, and any other non-enterprise owned assets will be allowed to connect to the BYOD or guest network to use the internet based on their user and device profile.
Zero Trust Maturity
As organizations mature and adopt zero trust, they go through various stages and adapt to it based on the cost, talent, awareness and business domain needs. Zero trust is a marathon, and not a sprint, hence incrementally maturing the level of zero trust is the desired approach.
Stage 0: Organizations have not yet thought about the zero trust journey but have on-premises fragmented identity, no cloud integration and passwords are used everywhere to access resources.
Stage 1: Adopting unified IAM by providing single sign-on across employees, contractors and business partners using multi-factor authentication (MFA) to access resources and starting to focus on API security.
Stage 2: In this stage, organizations move towards deploying safeguards such as context-based (user profile, device profile, location, network, application) access policies to make decisions, automating provisioning and deprovisioning of employee/external user accounts and prioritizing secure access to APIs.
Stage 3: This is the highest maturity level that can be achieved, and it adopts passwordless and frictionless solutions by using biometrics, email magic links, tokens and many others.
Most of the organizations in the world are either in stage 0 or stage 1 except for large corporations who have matured to stage 2. Due to the current COVID situation, organizations have quickly started to invest heavily to improve their ZT maturity level and the overall security posture.
Draft (2nd) NIST Special Publication 800-207. Available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft2.pdf
As we mentioned in our previous post, we are celebrating our 40th anniversary and, as part of our celebrations, we have created this 40 Years and Forward blog series. So, without further ado, welcome to the second posting in that series!
In our last blog, we took a stroll down memory lane and reminisced about CC Pace’s origins and what the world was like in 1980 when we were founded. While much has changed here at CC Pace and in the world in general (internet anyone?), we have been steady in our drive to meet the needs of our customers by providing valuable business solutions. Working with a national client base that ranges from tech start-ups to Fortune 500 companies as well as government entities – no company or project has proven to be too big or too small.
While we have remained consistent to our values and in our focus, another key aspect to our longevity has been our adaptability. For instance, CC Pace’s biggest client during our first year was the Department of Energy and we were deeply involved with the Oil and Gas industries. As we grew and our client base expanded, we shifted direction to the telecommunications and the financial services/mortgage industry. We focused our strategic planning on truly understanding how innovative technologies and methodologies work, and when and where to apply them. For example, back in 1999, when others were consistently using the waterfall approach, CC Pace started to think differently and used an Agile methodology, XP, for the first time on a custom software development project.
Our adaptability has also come into play as we have successfully navigated our way through many challenging times including the financial crisis of 2009 and most recently the coronavirus pandemic we find ourselves in today. By seizing the opportunity to adapt to the market, investing in our people and discovering new technologies, CC Pace has successfully kept up with our clients’ needs. We are carrying that adaptability into 2020 as our development teams are currently creating mobile apps and working on cloud transitions and integrations. It is through these continued efforts and our ability to adjust to the market that CC Pace has become a nationally recognized leader in Agile training and coaching, custom application development, financial and healthcare services consulting and IT staffing.
We invite you to stay tuned to our next 40 Years and Forward blog series in which we’ll share deeper insight into our company culture and how our team has thrived in a social, collaborative and productive environment that even encourages playfulness while at work!
CC Pace is seeking a Mortgage Subject Matter expert as introduced here by Senior Recruiter, Rechelle Card. In this exciting position you will work with a wide variety of mortgage clients on an array of projects. If you think you are ready to make a change and become an important member of our Financial Services team please apply for this exciting opportunity here and let’s talk!
“This isn’t a time to postpone your job hunt…” Yes, hiring may be slowing down, but it is not coming to a halt. There are many fulfilling jobs out there and now is the time to prepare yourself for that next great opportunity! This quick read outlines 5 job seeking strategies that will help put you ahead of your peers when this health crisis normalizes.
Taking the time to invest in yourself and completing a small job hunting task each day, will position you for success when hiring emerges to its normal feverish pace. Stay safe and healthy my friends and remember… be patient, persistent and most of all be flexible. #weareallinthistogether
Meet Morgan Romero, the newest member of the CC Pace Recruiting Team! Morgan joined us in January and jumped right into her role as a Recruiter Assistant with great enthusiasm! We couldn’t be happier with her contributions to our recruiting efforts and are seeking someone just like Morgan for our new Recruiter position – if you think you are ready to take the leap and become a CC Pace Recruiter please apply for this exciting opportunity here and let’s talk about getting started on your new career today!
I have a deep interest in cybersecurity, and to keep up with the latest threats, policies and security practices, I became a member of ACT-IAC organization and enrolled in the Cybersecurity Community of Interest group. This is where I got the opportunity to work as a volunteer in the Zero Trust Architecture Phase 2 project. Hence, I am trying to share the knowledge I gained around ZTA strategy and principles. I am planning to break my blog into four series based on how the project progresses.
- What is ZTA?
- Real world deployment scenarios
- ZTA core capabilities
- Vendors providing ZTA capabilities
What is ZTA and how did it come into existence?
Traditionally, perimeter-based security has been used to protect the network infrastructure behind a firewall where if the user gets authenticated, they can access all the resources behind the firewall assuming all network users/devices as trustworthy. This caused a lot of security breaches across the globe where attackers could move laterally and exploit resources to which they were not authorized. The attackers only had to get through the firewall and later crawl across any resource available in the network causing potential damage in terms of data loss and other financial implications that can come via ransomware attacks.
Today, an enterprise’s infrastructure spans several networks: cloud-based services, and remote users connecting from their own networks on enterprise-owned or personal devices (laptops, mobile devices). Network location changes depending on where the users/devices connect from, e.g. public Wi-Fi or internal enterprise networks. These complex use cases drove the move away from perimeter-based security to “perimeter less” security (not confined to one network infrastructure), which led to a new concept called “Zero-Trust”, where you “trust no one, but verify”. The ZT approach is primarily based on data protection, but it can be applied across other enterprise assets like users, devices, applications and infrastructure.
ZTA is basically an enterprise cybersecurity strategy that prevents data breaches and limits lateral movement within the network infrastructure. It assumes that no internal or external agent (user, device, application, infrastructure) that wants to access an enterprise resource (on the internal network or externally in the cloud) is trustworthy, and that each must be verified on every request before access is granted.
What does Zero Trust mean in a ZTA?
In the above diagram, the user who is trying to access the resource must go through the PDP/PEP. The PDP/PEP decides whether to grant access to this request based on enterprise policies (data/access/risk), user identity, device profile, location of the user, time of request and any other attributes needed to gain enough confidence. Once granted, the user is in an “Implicit Trust Zone” where it can access all the resources based on network infrastructure design. The “Implicit Trust Zone” is basically the boarding area in an airport where all the passengers are considered trustworthy once they verify themselves through immigration/security check.
You can still limit access to certain resources in the network using a concept called “Micro-Segmentation”. For example, after getting through the security check and reaching the boarding area, passengers are again checked at the boarding gate to make sure they are entering the authorized flight to reach their destination. This is what “Micro Segmentation” means where the resources are more isolated to a segment and access requests are verified separately in addition to PDP/PEP.
Tenets of ZTA: (As per NIST SP 800-207 publication)
All resources, whether data or services, should communicate in a secure fashion irrespective of their network location. Each individual access request will be verified before granting access to any resource based on the client’s identity, the device they are using to make the request, the type of application used, location coordinates and other behavioral attributes. Each access request granted will be authenticated and authorized dynamically and strictly enforced. In addition, the enterprise should collect all activity information, log decisions, audit logs and monitor the network infrastructure to improve the overall security posture.
What are the logical components of ZTA?
Policy Engine: Responsible for making and logging decisions, based on enterprise policy and inputs from external resources (CDM, threat intelligence etc.), on whether to grant access to a request.
Policy Administrator: Responsible for establishing or killing the communication path between the subject and enterprise resource based on the decision made by PE. It can generate authentication tokens for the client to access the resource. PA communicates with PEP via the control plane.
Policy Enforcement Point: Responsible for enabling, monitoring and terminating communication between subject and enterprise resource. It can be either used as a single logical component or can be broken into two components: the client agent and resource gateway component that controls access. Beyond the PEP is the “Implicit Trust Zone” to access enterprise resources.
Control Plane/Data Plane: The control plane is made up of components that receive and process requests from the data plane components that wish to access network resources. The control and data planes are more like zones in the ZTA. All the resources, devices, and users within the network can have their own control plane component within them to decide whether the data should be routed further or not. In this diagram, it is just used to explain how control plane works for data plane components. Data plane simply passes packets around and the control plane routes them appropriately based on decisions made.
Note: The dotted line that you see in the image above is the hidden network that is used for communication between the various logical components.
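To make the division of labour between the three components concrete, here is an added sketch (not code from NIST or from the ZTA project) in which the PE decides and logs, the PA issues or kills a session token, and each PEP checks that token on every request. The HMAC-signed token format, the allow-list policy and all names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets


class PolicyEngine:
    """PE: makes and logs the grant/deny decision (constructed allow-list)."""

    def __init__(self, policy):
        self.policy = policy            # {subject: set of resources}
        self.decision_log = []

    def decide(self, subject, resource):
        allowed = resource in self.policy.get(subject, set())
        self.decision_log.append((subject, resource, allowed))
        return allowed


class PolicyAdministrator:
    """PA: establishes or kills the path between subject and resource."""

    def __init__(self, engine, key=None):
        self.engine = engine
        self._key = key or secrets.token_bytes(32)
        self._terminated = set()

    def _sign(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def _claims(self, token):
        body, _, sig = token.partition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return None                 # forged or altered token
        return json.loads(base64.urlsafe_b64decode(body))

    def establish(self, subject, resource, now, ttl=300):
        """Ask the PE; on a grant, mint a short-lived token bound to one resource."""
        if not self.engine.decide(subject, resource):
            return None
        claims = {"sub": subject, "res": resource, "exp": now + ttl,
                  "sid": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + self._sign(body)

    def terminate(self, token):
        """Kill an established path; PEPs reject the token from now on."""
        claims = self._claims(token)
        if claims is not None:
            self._terminated.add(claims["sid"])
        return claims is not None

    def check(self, token, resource, now):
        """Control-plane answer to a PEP asking about one request."""
        claims = self._claims(token)
        if claims is None:
            return "deny: bad signature"
        if claims["sid"] in self._terminated:
            return "deny: session terminated"
        if now >= claims["exp"]:
            return "deny: expired"
        if claims["res"] != resource:
            return "deny: wrong resource"
        return "allow"


class PolicyEnforcementPoint:
    """PEP: sits in the data plane in front of exactly one resource."""

    def __init__(self, resource, control_plane_check):
        self.resource = resource
        self._check = control_plane_check

    def handle(self, token, now):
        if not token:
            return "deny: no token"
        return self._check(token, self.resource, now)


if __name__ == "__main__":
    pe = PolicyEngine({"alice": {"employee_portal"}})   # constructed policy
    pa = PolicyAdministrator(pe)
    portal = PolicyEnforcementPoint("employee_portal", pa.check)
    token = pa.establish("alice", "employee_portal", now=1000)
    print(portal.handle(token, now=1001))
    pa.terminate(token)
    print(portal.handle(token, now=1002))
```

Because the token names a single resource and the PEP re-checks it on each request, a token granted for one resource is refused at the PEP of another.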
Why should organizations adopt ZTA?
When adopting a ZTA, organizations must weigh all the potential benefits, risks, costs, and ROI. Core ZT outcomes should be focused on creating secure networks, securing data that travels within the network or at rest, reducing impacts during breaches, improving compliance and visibility, reducing cybersecurity costs and improving the overall security posture of an organization.
Lost or stolen data, ransomware attacks, and network and application layer breaches cost organizations huge financial losses and damage their market reputation. It takes a lot of time and money for an organization to return to normal if the security breach was of the highest degree. ZT adoption can help organizations avoid such breaches, which is the key to surviving in today’s world, where state funded hackers are always ahead of the game.
As with all technology changes, the biggest challenge to demonstrate higher ROI and lower cybersecurity costs is the time needed to deliver the desired results. Organizations should consider the following:
- Assess what components of ZTA pillars they currently have in their infrastructure. Integration of components with existing tools can reduce the overall investment needed to adopt ZTA.
- Consider including costs or impacts associated with risk levels and occurrences when doing ROI calculations.
- ZT adoption should simplify, and not complicate, the overall security strategy to reduce costs.
What are the threats to ZTA?
ZTA can reduce the overall risk exposure in an enterprise but there are some threats that can still occur in a ZTA environment.
- A wrongly or mistakenly configured PE or PA could cause disruptions for users trying to access resources. Access requests that would previously have been denied could also get through because of a misconfiguration of the PE and PA by the security administrator, so attackers or subjects could access resources from which they were restricted before.
- Denial of service attacks on PA/PEP can disrupt enterprise operations. All access decisions are made by PA and enforced by PEP to make a successful connection of a device trying to access a resource. If the DoS attack happens on the PA, then no subject would be able to get access as the service would be unavailable due to a flood of requests.
- Attackers could compromise an active user account using social engineering techniques, phishing or any other way to impersonate the subject to access resources. Adaptive MFA may reduce the possibility of such attacks on network resources, but in traditional enterprises with or without ZTA adoption, an attacker might still be able to access resources to which the compromised user has access. Micro-segmentation may protect resources against these attacks by isolating or segmenting the resource using technologies like NGFW, SDP.
- Enterprise network traffic is inspected and analyzed by policy administrators via PEPs but there are other non-enterprise-owned assets that can’t be monitored passively. Since the traffic is encrypted and it’s difficult to perform deep packet inspection, a potential attack could happen on the network from non-enterprise owned devices. ML/AI tools and techniques can help analyze traffic to find anomalies and remediate it quickly.
- Vendors or ZT solution providers could cause interoperability issues if they don’t follow certain standards or protocols when interacting. If one provider has a security issue or disruption, it could potentially disrupt enterprise operations due to service unavailability or the time taken to switch to another provider which can be very costly. Such disruptions can affect core business functions of an enterprise when working in a ZTA environment.
[ACT-IAC] American Council for Technology and Industry Advisory Council (2019) Zero Trust Cybersecurity Current Trends. Available at https://www.actiac.org/zero-trust-cybersecurity-current-trends
Draft (2nd) NIST Special Publication 800-207. Available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207-draft2.pdf
NIST Zero Trust Architecture Release: https://www.nccoe.nist.gov/projects/building-blocks/zero-trust-architecture
Welcome to the first blog in our 40 Years and Forward anniversary series! All of us here at CC Pace love thinking back about where we have been, what we have accomplished and all the experience we have gained here at CC Pace, but we get even more excited thinking about where we are headed. That’s why we have decided that 40 Years and Forward is the perfect theme as we celebrate our 40th anniversary.
We will start at the beginning in this first blog and do a bit of that much beloved reminiscing, shall we? Did you know CC Pace was founded in 1980? It’s true. The very same year that Pac-Man was introduced, CNN was launched and the big topic around watercoolers across the country was “Who Shot JR?” (in case you don’t remember or possibly were not born yet, it was his wife Sue Ellen’s sister, Kristen). Anyway, 1980 was also the year during which CC Pace President and founder, Mike Gordon held an IT position with a financial services technology consulting firm called R. Shriver and Associates. When that firm decided to sell off their DC branch, Mike and some colleagues jumped at the opportunity to purchase it, and so as the story goes CC Pace was born.
Here’s another piece of trivia and a question we get asked quite often: Where did the name CC Pace come from? It’s a bit of a long story, but here goes. Mike and his colleagues decided on the name Cabot Consulting for their new company. Back then, Oil and Gas was the market that CC Pace’s focus was on and unfortunately, as Mike and his partners found out, there was a Fortune 500 oil and gas company that was named Cabot Corporation. So, in 1988, they went through the naming process again. The result was the name ‘Pace’. Since Mike was looking for a way to transition from the old name to the new name, and the general consensus was to also consider adding either a word or prefix/suffix that would distinguish us from all the other Paces out there, it was decided to incorporate the prefix of C.C. that would reference Cabot Consulting. Yes, we admit our naming story is not a simple one, but that is how we ended up with our beloved name of C.C. Pace (aka CC Pace).
Now that we have taken a little stroll down memory lane, we would like to invite you to stay tuned to our 40 Years and Forward blog series to see how we have adapted to change over the years and what our plans are for the future.
What is App Modernization
Legacy application modernization is a process to update existing and aging applications with modern architecture to enhance features and capabilities. By migrating your legacy applications, you can include the latest functionalities that better align with what your business needs to succeed. Keeping legacy applications running smoothly while still being able to meet current day needs can be a time consuming and resource intensive affair. That is doubly the case when software becomes so outdated that it may not even be compatible with modern day systems.
A Quick Look at a Sample Legacy Monolithic Application
For this article, consider a legacy monolithic application about a decade and a half old, as depicted in the following diagram.
This depicts a traditional, n-tier architecture that was very common in the past 20 years or so. There are several shortcomings with this architecture, including the “big bang” deployment that had to be tightly managed when rolling out a release. Most of the resources on the team would sit idle while requirements and design were ironed out. Multiple source control branches had to be managed across the entire system, adding complexity and risk to the merge process. Finally, scalability applied to the entire system, rather than smaller subsystems, causing increased costs for hardware resources.
We define modernization as migrating from a monolithic system to many decoupled subsystems, or microservices.
The advantages are:
- Reduce cost
  - Costs can be reduced by redirecting computing power only to the subsystems that need it. This allows for more granular scalability.
- Avoid vendor lock-in
  - Each subsystem can be built with a technology for which it is best suited.
- Reduce operational overhead
  - Monolithic systems that are written in legacy technologies tend to stay that way, due to increased cost of change. This requires resources with a specific skillset.
  - Strong coupling makes it difficult to optimize the infrastructure budget.
  - De-coupling the subsystems makes it easier to upgrade components individually.
Finally, a modern, microservices architecture is better suited for Agile development methodologies. Since work effort is broken up into iterative chunks, each microservice can be upgraded, tested and deployed with significantly less risk to the rest of the system.
Legacy App Modernization Strategies
Legacy application modernization strategies can include the re-architecting, re-factoring, re-coding, re-building, re-platforming, re-hosting or the replacement and retirement of your legacy systems. Applications dating back decades may not be optimized for mobile experiences on smartphones or tablets, which could require entire re-platforming. Lift and Shift will not add any business value if you migrate legacy applications just for the sake of Modernization. Instead, it’s about taking the bones, or DNA, of the original software, and modernizing it to better represent current business needs.
Legacy Monolithic App Modernization Approaches
Having examined the nightmarish aspects of continuing to maintain legacy monolithic applications, this article presents two application modernization strategies. Both are listed below and explained at length, to give you a basic idea of how to pick whichever is feasible within the constraints you might have.
- Migrating to Microservices Architecture
- Migrating to Microservices Architecture with Realtime Data Movement (Aggregation/Deduping) to Data Lake
In this section, we look at how re-architecting, re-factoring and re-coding per the microservices paradigm helps avoid much of the overhead of maintaining a legacy monolithic system. The following diagram helps you better understand Microservice Architecture – a leap forward from legacy monolithic architecture.
A quick glance at the diagram above shows a big central piece called the API Gateway with Discovery Client. This is comparable to a Façade in a monolithic application. The API Gateway is essentially an entry point to several microservices, which are comparable to modules in a monolithic application and are identified/discovered with the help of the Discovery Client. In this design, the API Gateway also acts as an API Orchestrator, as it resorts to one database set via the Database Microservice in the diagram. In other words, the API Gateway/Orchestrator orchestrates the sequence of calls to the Database Microservice based on the business logic, because individual microservices have no direct access to the database. This architecture also supports various client systems such as Mobile App, Web App, IoT App, MQTT App et al.
Although this architecture gives an edge to using different technologies in different microservices, it leaves us with a heavy dependency on the API Gateway/Orchestrator. The Orchestrator is tightly coupled to the business logic and object/data model, which requires it to be re-deployed and tested after each microservice change. This dependency prevents each microservice from having its own separate and distinct Continuous Integration/Continuous Delivery (CI/CD) pipeline. Still, this architecture is a huge step towards building heterogenous systems that work in tandem to provide a complete solution. This goal would otherwise be impossible with a Monolithic Legacy Application Architecture.
Microservices Architecture with Realtime Data Movement to Data Lake
In this section, we look at how re-architecting, re-factoring, re-coding, re-building, re-platforming, re-hosting or the replacement and retirement of your legacy systems per the microservices paradigm helps avoid much of the overhead of maintaining a legacy monolithic system. The following diagram helps you understand a complete advanced Microservices Architecture.
At the outset, most of the diagram for this approach looks like the previous approach, but it adheres to the actual microservice paradigm more closely. In this case, each microservice is independent and has its own micro database, of whatever flavor suits the business needs, which avoids both the dependency on a database microservice and overloading the API Gateway to act as an Orchestrator with business logic. The advantage of this approach is that each microservice can have its own CI/CD pipeline release. In other words, a part of the application can be released on its own, with TDD/ATDD properly implemented, avoiding costs incurred for testing, deploying and release management. This kind of architecture does not limit the overall solution to any particular technical stack but encourages quick solutions built with various technical stacks. It also gives the flexibility to scale resources for heavily hit microservices when necessary.
Besides, this architecture encourages having a Realtime Engine (which can be a microservice itself) that reads data from the various databases asynchronously, applies data aggregation and data deduping algorithms, and sends pristine data to the Data Lake. Advanced applications can then use the data from the Data Lake for machine learning and data analytics to cater to the business needs.
Note: This article has not been written with any cloud flavor in mind. This is a general App Modernization microservices architecture that can run anywhere: on-prem, OpenShift (Private Cloud), Azure Cloud, Google Cloud or AWS (Private Cloud).
It’s that time of the year when we get together with friends for fun, good food and some friendly rivalry. That’s right, it’s Superbowl weekend and we here at CC Pace decided to kick it off early with a Jeans and Jersey day! Although we have nothing but love and respect for both the Chiefs and the 49ers, we didn’t want to exclude any form or flavor of team spirit. So, we opened the jersey wearing to any team, in any sport. And, Pacers did not disappoint! People joined in on the fun and showed up in an array of team attire and we shared a field of treats!
We decided we needed to add some competition to our festivities and played a Superbowl word game and guess who the big winner was…CC Pace president, Mike Gordon – Way to go Mike! (and, no we did not let him win because he is the president, we are all way too competitive for that!)
You may notice in the pictures that there was a clear shortage of the Superbowl’s colors, but everyone did have a clear pick on a winner for the big game. The majority of us are rooting for the Kansas City Chiefs, and not just because they haven’t won a Superbowl since 1969 (well, maybe that’s part of it). Go Chiefs!
We recently conducted a (sold out!) webinar on the LIBOR Transition, driven by the NY DFS sending a letter to the Boards of Directors of over 1,000 companies that it regulates, with a response due on March 23, 2020.
The first question we received in response to the webinar was “you guys use a lot of acronyms, can you explain what it means, please?” And it’s true, we do use a lot of terms, so we put together a LIBOR transition cheat sheet (a Glossary) to explain not only what each acronym means, but why it is important in a LIBOR transition context.
Some facts about LIBOR:
- LIBOR has been in use since the 1970’s and is well understood by the markets and regulators.
- Many loans use LIBOR as an index rate, especially mortgages and student loans.
- However, dollar volume of LIBOR based contracts, futures, options, or other types of derivatives is far greater than its use in loans.
- Although people talk about it as if it were a single number, it actually has its own “Term Structure” (see our glossary) with 7 different rates and its own yield curve. Having a Term Structure is a great attribute for a Reference Rate to have, and most Alternative Replacement Rates do not have that, at least not yet.
- The Financial Conduct Authority (FCA, below) that oversees the publication of LIBOR decided in 2017 to not compel any bank to contribute to the LIBOR process after December 31, 2021. This means it is very unlikely that banks will participate after this date, and LIBOR will cease to be credible if it exists at all.
- Liquid markets require many participants. Therefore, regulators and associations are issuing Replacement Guidance to move participants to a new market. In the US, the ARRC (below) is guiding markets towards SOFR (below).
Here are the first four LIBOR-related acronyms you’ll hear us mention when we talk about the transformation. The full list of terms can be found here. It will be updated on a regular basis.
The primary goal of Marine Toys for Tots is to help bring the joy of Christmas through the gift of a new toy and send a message of hope to America’s less fortunate children. To join in this amazing effort, CC Pace signed up to be a donation center for a second year in a row. Our employees shined with generosity and holiday spirit by overflowing our donation boxes! Not only did they provide games, dolls, books, cars, scooters and toys, but a group of them even took time to go out and shop together for our corporate donation – and as our video shows, had a blast while doing so! Here’s to Toys for Tots for celebrating their 72nd year in spreading joy!
The holiday season brings with it a flurry of fun activities: things like gatherings with family or friends, taking part in treasured traditions and eating special dishes (there is always so much food!). With all those things in mind we have decided to kick off the holiday season with a festive and fun blog where we surveyed the CC Pace team to find out what they enjoy most during this time of year. So, without further ado, here’s a little insight on what our team enjoys most about the holidays:
What is your favorite holiday dish (excluding dessert)?
Stuffing was the #1 answer with 49% of CC Pacers in agreement! Looks like we have a lot of carb lovers, and they like a variety of stuffing. The answers varied from “inside stuffing” to “chestnut stuffing” to “cornbread stuffing” and just the classic “stuffing”. So, let’s hear it for stuffing!!
Which outdoor winter activity do you enjoy most?
- Building a snowman – 5%
- Skiing, Snow Tubing and/or Sledding – 40%
- Shoveling snow – 0% (hey, some people like shoveling snow – right?!)
- None, I like to stay inside and watch the snow from there – 55%
Apparently, staying cozy and warm inside is the priority for most of our team on a snowy day! Speaking of snow, here’s an interesting fact for those who live in the DC area: this year local forecasters are calling for a total snowfall of 10-16 inches inside the beltway, and 15-25 inches outside. Let’s all look back here in April and see how well their predictions held up!
What is your favorite holiday movie?
When it comes time to sit back and relax our team clearly goes for the comedies, with Love Actually and Christmas Vacation tying for the #1 favorite holiday movie, to which we can only say “yes, please”!
Which method do you prefer for holiday shopping?
- Shopping online – Amazon Prime all the way! – 68%
- Going to mall – I like the hustle and bustle of the crowds and grabbing my Starbucks! – 32%
Do you have a charitable organization or volunteering opportunity that you like to attend/favor during the holidays? If so, which one?
Our employees are very generous year-round, and this season is no different. Here are the Top 5 charity organizations they will be supporting during the holidays:
- Toys for Tots seems to be the most popular charity at this time of year amongst our team. That is great news for us since this year CC Pace is again participating as a collection center for the Marine Toys for Tots Program. Toys for Tots was started in 1947 and distributes an average of 18 million toys to 7 million less fortunate children annually. All are welcome to drop off toys at our headquarters through December 13th!
- Wreaths Across America
- SOME (So Others Might Eat)
- St. Jude Children’s Research Hospital
- Tie – several local shelters and children’s charities.
Eggnog or Hot Chocolate?
Hot Chocolate by a landslide – 75%.
What is your favorite Christmas carol or holiday song?
All I Want for Christmas Is You, by Mariah Carey, was released in 1994 and quickly rose to the top of the charts; it is the most downloaded Christmas song of all time. Ms. Carey said when recording this song that she wanted to create a classic, and that she certainly has accomplished!
From CC Pace to all of you, have a happy holiday season full of good cheer and best wishes for the new year!
One of our very own just celebrated this big milestone and rather than just giving you the 411 on it all, we’d like to change things up a bit and play a guessing game with you! If you’d like to play along keep reading, and no peeking at the pictures below. So, can you guess who it is? No? Well it is probably a bit hard given that CC Pace’s employees have an average tenure of 12+ years of service, so we figured we would give you some other clues to help you narrow down your guess:
Clue #1 – This person is a favorite amongst both those of us at CC Pace and our clients.
Clue #2 – This person speaks fluent Russian.
Clue #3 – This person recently obtained their AWS Practitioner certification.
Clue #4 – This person has musical talent and plays the bass.
Clue #5 – This person is also a skilled tennis player.
Still haven’t figured it out? Then let’s keep going… Joining CC Pace in 2004, this person was part of the mortgage technology offering LOS Advantage. After working on various projects for us, they began working at the Municipal Securities Rulemaking Board (MSRB) on the EMMA product, and have been there for over 10 years. During their time at MSRB, they have been consistently praised for their ability to deliver what is asked of them, and always delivering on time.
Need another hint? Now our team lead at MSRB, they constantly work on building their technical skills, learning and adapting to different methodology frameworks, and working very well with people (seriously, everyone loves working with this person). The leadership at MSRB epitomizes the type of client partnership we strive for, one built on value, trust and all-around success, and is due largely to this individual.
Ready for the big reveal??
Please join us in congratulating Leo Belenky for his 15 Year Anniversary at CC Pace. Our president, Mike Gordon presented Leo with his service award and highlighted how his hard work and dedication are vital to the success of our organization. Thank you Leo, for 15 wonderful years of service! And, to our readers, thank you for playing along!
I recently attended a Data Connectors Cybersecurity strategies conference in Reston, VA. Companies practicing various security solutions had speakers sharing knowledge about security threats that are currently affecting the market and how to protect an IT organization against such attacks. Interestingly, Sophos speaker Paul Lawrence (cybersecurity sales engineer) discussed Ransomware as a Service (RaaS) and how to protect against these attacks. Below you will find the high-level information that I gathered at this conference, which I feel will help others who are unaware of this threat.
P.S. – This is just an informational blog on what RaaS is and how to protect IT organizations from this attack.
What is Ransomware as a Service?
In layman’s terms, RaaS is an unusual type of software as a service provided over the internet by criminals to attack IT systems and get paid ransom for it.
In 2018, 53% of the organizations were hit by ransomware and 1/3 of them paid ransom to recover from the ransomware attack.
How does it work?
Suppose I am the bad guy who wants to hack machines, data and information without revealing my identity, and I want to get paid a ransom for it.
I can use RaaS (Ransomware as a Service).
I need to register my account by providing the bank details where I want to be paid the ransom. All my information that I provide to this service platform will be safe and it won’t be tracked (presumably).
Next, I download the viruses from this service platform and start infecting machines. Once infected, I can provide details about where they can pay the ransom to recover from the attack.
Now anybody can be a hacker using this RaaS service since malicious actors have created various models to attack any IT system. All you need is to follow the guidelines they provide with step by step details.
How do RaaS providers make revenue?
They will collect ransom from the organizations or individual vendors who were attacked through RaaS account payment system. Once they get paid the full ransom, a share of that money goes to the criminal who initiated this account payment by registering for this service.
Basically, a win-win situation for both the RaaS provider and the malicious actor who used this service to attack the IT system of the organization or individual vendors.
Types of Ransomware attacks
- Traditional ransomware attack: The attack is automated and doesn’t need manual intervention. It can spread rapidly across the globe. WannaCry is the most widely known traditional ransomware variant that infected nearly 125,000 organizations in over 150 countries.
- Targeted ransomware attack: This is a well-planned manually targeted attack by attacking the network and computers on the network. RobbinHood variant was used in the Baltimore ransomware attack which compromised most of Baltimore’s government computer systems. 13 bitcoins was the ransom demanded to unlock the computers.
Protecting against Ransomware attacks
Ransomware attacks are getting more targeted. One of the primary attack vectors for Ransomware attacks is Remote Desktop Protocol (RDP).
- Lock down RDP
- Use strong passwords.
- Do not disable Network Level Authentication (NLA), as it offers an extra authentication level.
- To learn more, please go to Malwarebytes Labs.
- Patch to prevent privilege elevation
- Limit the users to those that really need it
- Secure your network both from the outside and inside
- Disaster Recovery plan or Aftermath of an attack
- We need to ask this question to ourselves “Do we really need remote access?”
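The RDP items in the list above can be checked on a Windows host with a short read-only audit. The script below is an added example, not something from the conference or the original post; the function names are hypothetical, the registry values are the standard Terminal Services settings, and the firewall check assumes the English "Remote Desktop" rule group name. It does not cover patch level.

```powershell
# Added example: read-only audit of the RDP hardening items listed above.
# Run from an elevated PowerShell session on the host being checked.

function New-Finding($Check, $Status, $Detail) {
    [PSCustomObject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Get-EffectiveValue($Policy, $Local, [string]$Name) {
    # A Group Policy value, when present, takes precedence over the local one.
    if ($Policy -and $null -ne $Policy.$Name) { return $Policy.$Name }
    return $Local.$Name
}

function Get-RdpHardeningFinding {
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey    = "$tsKey\WinStations\RDP-Tcp"
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    $ts     = Get-ItemProperty -Path $tsKey
    $rdp    = Get-ItemProperty -Path $rdpKey
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # "Do we really need remote access?" fDenyTSConnections = 1 means RDP is off.
    $deny = Get-EffectiveValue $policy $ts 'fDenyTSConnections'
    if ($deny -eq 1) {
        New-Finding 'Remote access' 'PASS' 'Remote Desktop is switched off on this host.'
        return
    }
    New-Finding 'Remote access' 'REVIEW' 'Remote Desktop is on; confirm this host needs it.'

    # "Do not disable NLA": UserAuthentication = 1 requires NLA before a session starts.
    $nla = Get-EffectiveValue $policy $rdp 'UserAuthentication'
    if ($nla -eq 1) {
        New-Finding 'NLA' 'PASS' 'Network Level Authentication is required.'
    } else {
        New-Finding 'NLA' 'FAIL' 'Network Level Authentication is not required.'
    }

    # "Limit the users": list Remote Desktop Users (well-known SID S-1-5-32-555).
    # Local Administrators can also log on over RDP by default.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction Stop)
        $broad = @($members | Where-Object {
            $_.SID.Value -in 'S-1-1-0', 'S-1-5-11' -or   # Everyone, Authenticated Users
            $_.SID.Value -like 'S-1-5-21-*-513'          # Domain Users
        })
        if ($broad.Count -gt 0) {
            New-Finding 'RDP users' 'FAIL' ("Broad groups allowed: " + ($broad.Name -join ', '))
        } else {
            New-Finding 'RDP users' 'REVIEW' ("{0} member(s): {1}" -f $members.Count, ($members.Name -join ', '))
        }
    } catch {
        New-Finding 'RDP users' 'REVIEW' "Could not list group members: $($_.Exception.Message)"
    }

    # "Secure your network": enabled inbound RDP rules that accept any remote address.
    $open = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
    if ($open.Count -gt 0) {
        New-Finding 'Firewall scope' 'FAIL' ("Open to any address: " + ($open.DisplayName -join ', '))
    } else {
        New-Finding 'Firewall scope' 'PASS' 'No enabled inbound Remote Desktop rule accepts any address.'
    }
}

Get-RdpHardeningFinding | Format-Table -AutoSize -Wrap
```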
Selfie taken at the Data Connectors cybersecurity event 😊
Are you a seasoned Agile Practitioner interested in expanding services beyond yourself while providing strategic guidance to a variety of clients?
CC Pace is currently looking for a dynamic Agile Thought Leader who is ready to make an immediate impact and drive our Agile transformation services. The ideal candidate is local to the DC metro area, is comfortable making decisions and implementing innovative ideas. CC Pace will provide a flexible working environment and support interest in growing a personal reputation in the global Agile community, in addition to a competitive, comprehensive suite of benefits.
What will an Agile Thought Leader at CC Pace do?
- Set the direction for our Agile transformation services, drive strategic imperatives, define Agile offerings, establish priorities and grow our Agile business
- Represent CC Pace at conferences, through independently orchestrated thought leadership and by guiding client engagements
- Provide strategic guidance to clients through enhancing, producing and delivering Agile training and coaching both in person and via alternative delivery modes
- Build and mentor a team of consultants to deliver the services both with internal staff and business partners
- Define and brand CC Pace while developing new relationships in the Agile community
- Current certified Agile credentials or equivalent level of experience
- Strong communication and presentation skills – must be versed at public speaking and a capable writer
- Proven experience leading Agile engagements, including developing training materials and coaching at both the enterprise and team level
- Ability to demonstrate leadership experience in IT delivery, including building and sustaining high-performing teams
- Strong leadership skills that will support setting the direction for our Agile practice, managing a team of resources and driving the Agile offering and delivery strategies
- Ability to provide ample thought leadership to further our footprint in the Agile community
- Strong business acumen that will assist in supporting the sales & marketing efforts involving Agile transformation services
At CC Pace we have a strong referral program and encourage not only our employees but even those who don’t work for us to take advantage of it – so if you know someone who would be a fit for this position please refer them!
For more information regarding this Agile Thought Leader position, please contact Rechelle Card, email@example.com
For CC Pace’s 2nd quarter community outreach event, we collected personal care items in support of the Katherine K. Hanley Family Shelter (KHFS). KHFS is located in Fairfax, right around the corner from our office!
Thanks to everyone who participated. We were able to collect and put together “Care Kits” for 15-20 children, 10-12 women and 10-12 men. These Care Kits were comprised of items such as toothpaste, shampoo, conditioner, body wash and a toothbrush. These items will go to the families and individuals in need at the Katherine K. Hanley Family Shelter.
KHFS opened in 2007 and was the first emergency shelter in Fairfax County to adopt a rapid re-housing approach – an approach that was so successful, it has been incorporated into all emergency shelters in Fairfax County. Currently, KHFS houses 72 people, 45 of which are children. KHFS is part of the Shelter House organization.
Shelter House is a community-based, non-profit organization that provides crisis intervention, safe housing, and supportive services to homeless families and victims of domestic violence in our community. Shelter House was formed in 1981 as a grassroots responder to the homelessness crisis in Fairfax County. Shelter House is comprised of 3 emergency shelters: the Katherine K. Hanley Family Shelter, Artemis House and the Patrick Henry Family Shelter.
In the past year, across all programs, Shelter House served over 2,300 individuals, more than half of which were children. Of the families that exit Shelter House, nearly 70% move to permanent housing.
Thank you to everyone for your support and participation!
If you would like to learn more about Katherine K. Hanley or Shelter House, follow the link below:
There is a great team of people who work at CC Pace. We took a few minutes to get up close and personal with George Perkins, Ron Peterson and Suzie Wheeler, three of the people whose roles are front and center with our clients and candidates.
George is a Practice Manager who has just celebrated his 25th anniversary with CC Pace. George is responsible for the management of several of our client accounts and staff augmentation services. His primary focus is on the financial services and healthcare industries. Always the jokester, George is never one to miss the opportunity for a good one-liner during a meeting! Connect with George on LinkedIn.
We asked George some questions, and here’s what he had to say:
- Do you participate in some community outreach you would like to highlight? At CC Pace we believe in giving back to the community and participate in multiple events each year. Over the past few years I’ve been involved with the Ronald McDonald house, Homestretch’s backpacks for school kids, and sponsoring local families for Christmas. Also, I enjoy helping out with the local animal shelter.
- What professional groups do you belong to and what professional events do you attend? I attend NVTC events, Agile DC, and belong to WARN (Washington areas recruiters’ network) and ASA (American Staffing Association). I also represent CC Pace at job fairs and other IT conferences.
- What is your favorite…
- Food? Almost anything Asian, love the spices.
- Movie? Pulp Fiction and American Beauty
- Book? On the Road
- Team? Redskins
- Quote? “It’s just a flesh wound”
- Dog or Cat? Dog
- If you could do Carpool Karaoke with any singer living or dead, who would it be and why? Neil Young, I love his music and would be interested in talking to him about the days living in Laurel Canyon in the mid/late 60’s when all the great music/musicians were hanging out there.
Ron is our Senior Practice Manager for Federal Business Development. He focuses on building relationships and networking with government agencies on the local, state and federal level. Ron is probably one of the most easy-going people in the office. His calm demeanor and willingness to help out make working with him a true pleasure. Connect with Ron on LinkedIn.
So, Ron, tell us …
- Do you participate in some community outreach you would like to highlight? For 30 years, I have been volunteering in Federal and State prisons and local jails. Currently I am volunteering at Fairfax County Adult Detention Center.
- What professional groups do you belong to and what professional events do you attend? I belong to ACT-IAC and National Contract Management Association (NCMA). I also attend various conferences and industry events representing CC Pace.
- What is your favorite…
- Food? Seafood
- Movie? The Invisible Guest
- Book? The Bible
- Team? Yankees, Giants, and Golden State Warriors
- What is your hidden talent? Chess and Bid Whist (Bid Whist is an exciting, popular partnership trick-taking game. It is played with a standard 52 card deck plus 2 jokers, for a total of 54 cards).
Suzie is our Talent Acquisition and Recruiting Manager. She is responsible for the on-going strategy to find employees for the company with specific skillsets and recruiting for our clients’ technical positions. Suzie is always smiling, happy and has a pep to her step. She brings her positive attitude and enthusiasm to the entire CC Pace team. Connect with Suzie on LinkedIn.
Other fun facts about Suzie are:
- What professional groups do you belong to and what professional events do you attend? I belong to Women in Technology, SourceCon, and Project Save. I attend multiple events for various technical meet-up groups in the DC area, technical job fairs and agile conferences.
- What is your favorite…
- Food? Mexican, Maryland Blue Crabs, Spicy foods
- Movie? It’s hard to say just one, The Bucket List, Pay it Forward, The Notebook, Green Book
- Book? Disclosure by Michael Crichton, and The Secret by Rhonda Byrne
- Team? Dallas Cowboys and University of South Carolina teams
- Quote? “In the midst of movement and chaos, keep stillness inside of you” ~ Deepak Chopra
- Dog or Cat? Definitely dog
- If you could witness any historical event, what would you want to see? Probably witnessing the life of Jesus, I have so many questions about the events of this timeframe.
Our recent quarterly meeting made for a fun afternoon and evening for everyone. We had a lively staff meeting with presentations, service awards and team building activities, followed by a festive gathering at Dave & Busters.
At CC Pace, we’re lucky to have so many tenured employees. As our team members celebrate their CC Pace anniversaries, they are recognized by their colleagues and leadership team for their contributions throughout the years. We kicked off our service awards recognizing Chris Soule, Technical Consultant, for his 5 year anniversary with CC Pace. Chris was hired for an opening we had on our development team for MSRB. His success with this client continues today, where he has become a key leader on the EMMA project working not only on the database side, but also helping to revamp the user interface. Per our client, Chris is the epitome of a team player! Chris, may you continue to inspire us for many years to come!
George Perkins, Practice Manager, was recognized for celebrating his 25th anniversary with us! George was hired as our first full-time recruiter. Over the years, as the staffing area of the business has evolved, he moved into the role of an Account Manager for some of our major clients. George’s philosophy has always been work hard towards success and have fun while you’re doing so – and he does just that! George, we thank you for your energy, enthusiasm and corporate commitment!
To take advantage of the rare moments our people are actually all together, we used this time to engage in some team building activities that were facilitated by Debbie Shatz, Sudhindra Shetty and the “always up for a good time”, George Perkins. Divided into 5 teams with red Solo cups in hand, our staff took aim at various building and stacking tasks (and, did we mention there were prizes)! Lots of cheering and yelling led to some pretty hilarious bragging rights by the winners!
EAT. DRINK. PLAY. We kept the party going and had everyone move over to the new Dave & Buster’s in Fair Oaks Mall for an entertaining evening! There was food, drinks, billiards and of course lots more games and plenty of, should we say friendly competition. Together everyone enjoyed some good old fashioned laugh-out-loud fun!
The new URLA is coming. But the status report, for July 2019, is decidedly Red.
Warning signs regarding the immensity of the forthcoming changes have been out for well over a year, yet it seems some lenders are just starting to realize the size and implications of the coming changes related to the new loan application – the Uniform Residential Loan Application (URLA, aka 1003 or form 66). This is the first of a short series of blogs exploring the benefits and challenges that lie ahead.
The URLA is undergoing a total redesign for the first time in 30 years and that is driving major changes in four areas:
- The application itself – its form, data elements, organization and fundamental operation
- Its corresponding data file, the Uniform Loan Application Dataset (ULAD)
- The agencies’ automated underwriting systems (DU, Fannie Mae’s Desktop Underwriter and LP, Freddie Mac’s Loan Prospector) submission, interfaces and files
- The retirement (at least not keeping current) of the Fannie Mae DU3.2 file, which has long been the industry de facto standard for transferring data.
The optional date is coming soon – July 1, 2019 – and the required date is February 1, 2020 – not very far away for a truly major change.
When the subject of the new URLA came up at the recent National Advocacy Conference, a gentleman sitting at my table said, “My vendor is taking care of it.” When he didn’t smile and the rest of us figured out that he was serious, the branch manager and the lawyer at my table both asked him “You mean your vendor sets your policy for how to fill out the language preference and whether you let the MLO do that instead of the borrower?”
I saw two other issues myself, including “Which vendor?” and “Are all your counterparties ready? Does your entire process work end-to-end?”
On the issue of leaving things to your vendor, even small lenders are likely to be dealing with two or more vendors, who not only have to be ready but whose systems also have to be tested together to make sure that your process works.
Below is a simplified snippet taken from CC Pace’s Reference Architecture, showing internal interfaces that are affected by the new URLA:
That’s a lot of moving parts undergoing substantial change that need to continue to work together. Let’s look at things from the perspective of relatively common test cases. It seems reasonable to expect that a POS submission to DU and an LOS submission to DU will both work. But in an equally common, but decidedly more complex scenario, when you take the application on the POS, transfer the loan to the LOS, where you rerun DU and then request a set of documents from your doc vendor, it’s not hard to imagine that initially something will break down, simply based off of different assumptions that were made.
On the issue of counterparty readiness, the reference architecture reveals even more counterparties and vendors that have to be ready and that you will have to test your process with:
But wait, there’s more! As far as the industry is concerned, not only do you and your counterparties have to be ready, but the entire ecosystem has to be ready, end-to-end. And the status for that is decidedly red.
Take the previous difficult test case and now extend it to a common industry chain. A broker starts the application, it closes with a mortgage banker who then sells it to a correspondent investor, who now runs Early Check or LQA on it, purchases it from the mortgage bank and then delivers it to Fannie or Freddie. It is known that this will not all work in July 2019.
Here is what I gleaned from the MBA ResTech call from May 16th, 2019:
- Many individual vendors appear to be ready – but what that means is that they are ready to be tested in conjunction with other counterparties in the ecosystem
- Not all components necessary for an agency correspondent transaction are ready
- Correspondent Purchasers are starting to issue guidance that they will not purchase loans on the new URLA until 2020
It is CC Pace’s recommendation that every organization be extremely active in monitoring the status of the new URLA both within and outside of their company; it is impossible that “our vendor is taking care of it all” is the right answer. This July through February represents a significant and much needed test period, not just for the systems and your process, but also for your compliance and training.
Some Correspondent Purchasers are issuing their own guidance on the matter. Have you?