Tag: planning

  • Addressing Technical Debt With Minimal Cost

    Addressing Technical Debt With Minimal Cost

    Organizations small and large move forward at an increasing pace. That makes it easy for things to be lost in the activity required to maintain our focus. These lesser tasks often include important deliverables that we say we will “get done later.” That is also known as technical debt. Put simply; these are the items left to do if we were to complete a project. When they are left undone, we are not able to claim a project or task is complete. This situation may seem easy to solve (just do the work), but it is not that simple. We have projects that are “good enough” that are super-ceded by higher priority projects. Here are some ways to address that technical debt without having to sacrifice those high priority projects.

    Research And Improvement Hours

    Many years ago, Google had a benefit for its staff that was shrewd in its approach. They set aside Fridays for personal projects for all the staff. These could be running with ideas for a side hustle or improving parts of the company or product. The organization sacrificed some time, but it ended up increasing the overall productivity of their workers. People will put in extra effort for things they enjoy. This benefit also made employees feel more ownership over the projects they worked on.

    There are many ways to adopt this approach to your situation. The easiest is to set aside a few hours each week for employees to work on whatever they desire. It could be training, chasing down a side project, or improving something they currently are working on. Those options may seem too open-ended. However, many employees will be willing to use that time to eliminate technical debt to feel better about the work they have done. There is also a morale boost that projects like this give to staff. The change in work focus allows them to do something different, which appeals to them more. They sometimes even find that there are parts of their job that they enjoy.

    Fill In The Gaps

    Many productivity suggestions include finding ways to tackle little things among the larger tasks. In our modern world of waiting for people to show up for a meeting, reply to an email, or waiting on vendor responses, there are many times we have “downtime.” These events could have us sitting and waiting without being productive while our path forward is blocked. When we have a list of little tasks available, those can be used to make use of that time. Fortunately, many technical debt items are a perfect fit for this.

    For example, documentation is often some portion of technical debt. In many cases, we can pick up and put down documentation projects fairly quickly. They have little intellectual requirements, and a rough draft of notes can quickly be captured. When these small tasks are made available to staff (or pointed out to them), there are opportunities to chip away at the debt list. Just a few minutes a day on these tasks can add up quickly over time.

    Technical Debt Side Projects

    It was mentioned earlier that a change in focus could be refreshing. Many of the technical debt items require a small project to address the need. This need can be in the form of data migration, simple automation, or data entry. All of these can be side projects assigned out to staff or for staff to choose. These side projects are typically one-offs where there is a lot of freedom to choose how they are done and the technologies involved. That can be a win-win for an organization. The staff member can use a side project to learn a new skill while the organization gets a needed item completed. In some cases, these side projects can lead to ideas for commercial products and other game-changing solutions.

  • The Danger Of Almost Complete Software

    The Danger Of Almost Complete Software

    It is hard to keep up with the number of times I have worked into a phase of “almost complete software.” We often see this as a marker or milestone that tells us a little push is all that is left. However, that is rarely the case. It seems like the end of the implementation phase is a trigger for this lofty status. We all fall for it. Our product implementation is approaching a final milestone and extend that to being almost done. We overlook so many details that are yet to be done. In listing out some of these details, I am hoping that we can all be a little more realistic in our expectations and setting the same.

    Testing Almost Complete Software

    Testing cycles can be very short and almost ignored. However, that often ends in low-quality software and unhappy customers. A proper testing cycle can be time-consuming and will often churn on a couple of bugs or features. It is rare for e a project to sail through testing without time spent clarifying issues, how to reproduce bugs and requirement reviews. This phase alone can make the almost complete software claim seem laughable.

    Deployment Challenges

    Things are getting better with modern CI/CD processes and tools like Docker. These tools and processes help us start working on deployment issues sooner in the SDLC process. However, there is no replacement for the final deployment. It is amazing how often simple things like a point release difference in software, a seemingly negligible configuration value, or changing an address or network can bring down software. Even worse, the errors that appear in production and can not be seen in development often take a while to be identified. That also means these can take a lot of time to track down and correct.

    Understandably, one would feel close to the end at this point. The gotcha is that putting something on a production server is when the rubber truly hits the road. User Experience becomes a much more critical factor, and you often see load impact for the first time when you hit production. While many of these issues are addressed in future releases, I have also seen products languish amid deployment issues.

    Edge Cases

    A good set of requirements that are used to measure progress can help with this issue. Nevertheless, it is not uncommon to run into edge cases and unusual situations that only become visible when you get near the end of a project. These can be attributed to going after “low-hanging fruit” early on in testing and implementation. On the other hand, when we consider the 80-20 rule, this makes all kinds of sense. The two ideas are likely closely related. That last fifth of your journey in building software is going to be beyond the bugs that are easy to identify and fix. You are now in the area where significant challenges like “randomly” appearing bugs and race conditions need to be tackled. These alone can convert almost complete software to early steps in a death march.

    I apologize, but I have been on a kick thinking about anti-patterns. They are fascinating to me and an essential part of planning for success. If you want to learn more, then you can find more about anti-patterns all over the web. There are some patterns out there as well, but if you at least avoid some of these project planning, estimation, and execution anti-patterns, your odds of success will increase significantly.

  • Why Security Awareness Matters To You

    Why Security Awareness Matters To You

    In the last few years, the idea of security awareness has risen to at least being on the radar of many CIOs. However, the general concepts around this topic are not seen as important enough to many outside of the IT world. The threat of cyber-based attacks is a reality for all of us. That alone makes this a subject we all should be concerned about. It is worth our time and investment to put a good program in place.

    Security Awareness is Affordable

    I find that too often security implementation and its high costs are confused with awareness. This is similar to thinking that educating people on health issues is the same as treating those issues. However, there are substantial security awareness programs like Ninjio, Know Be 4, Secure ED, Security IQ, and Media Pro that are professionally created, high-quality, and cost around a few dollars a month per person. Think about those costs. A family of four could take advantage of a SA program for roughly ten dollars a month. You may laugh at the family idea but how many children now are almost always connected and have access to texts, email, and social sites?

    The cost of falling into a scammer trap can quickly climb to scary heights in time and money. That risk alone should make you rethink the value of a SA program. Likewise, the fortune you save may be your own.

    It Is Constantly Evolving

    Even IT professionals can fall for phishing scams. Yes, read that again. Your daily work in the IT world does not make you automatically protected from scams. There is always a new scam out there, and knowledge is critical to avoiding them. For example, have you heard of scams where people buy a house and find out they did not buy a house? Instead, scammers walked off with the money. There are too many new ways for people to trick you to keep up with the latest approaches. That is where SA comes in. You have people working to inform you of the latest scams, test your knowledge, and even test that you paid attention to the material.

    How Does It Work?

    At this point, I hope you are at least considering checking out some security awareness programs or asking your IT leadership to do so. That means you are wondering what to expect with such services. The good and bad news is that they are all very similar. That is good because of so many excellent options. It is bad because it can be hard to choose. Most programs send material on roughly a monthly basis. This is often an email of some sort, and most include a video tutorial that goes over the latest things to look for. This may seem tedious and boring. However, the videos are usually ten minutes or less and can be highly entertaining. Some are even produced by entertainment writers like those that put together the shorts on Saturday Night Live and similar television shows.

    The videos/content is just part of a good program. You will also periodically be sent phishing emails, phone calls, or texts to help expose you to the kind of things to watch out for. If you fall for the scam, then you are sent a “you should not have clicked” form of email or message that educates you on how to avoid such things in the future. This combination of educational material and practical testing has been shown to reduce the effectiveness of all forms of scams dramatically.

    I Want To Learn More

    Here are a few links to help you get up to speed on security awareness programs and vendors.

    https://www.itgovernanceusa.com/security-awareness-program

    https://www.infosecinstitute.com/iq/awareness/

    https://www.knowbe4.com/

    https://ninjio.com/

    https://www.mediapro.com/security-awareness-trainingpack/