Agile is unavoidable in modern corporate IT, and it is therefore an inescapable part of life as a cyber security professional. Here’s a brief introduction to the project management framework’s key priorities, players, and processes.
While I’ve written about some interesting technical subjects (and will continue to do so), I realise that for this to be a complete cyber security blog I’ll also need to cover the non-technical side of the industry. One of the biggest culture shocks on moving into security was adapting to the Agile project management framework, which is inescapable in a modern-day IT function.
Project management was non-existent in my old job – we got stuff done, but there wasn’t much structure. When I started out in cyber security there was suddenly project management everywhere I looked. Initially I thought it was mostly consultant talk, but over time I’ve come to understand exactly how Agile works and the benefits it brings when it functions as intended.
What is Agile?
Agile is a way of organising teams and processes within a project. It is primarily focused on the software development lifecycle, but the structure the framework provides is equally useful for other projects. Evangelists will list many more, I’m sure, but in my eyes there are two primary benefits:
- Working software is prioritised. The product is developed in increments. At the end of each increment, the product is in a state where it could be released, even if it is not.
- Quality is ensured. The product undergoes testing at the end of each increment, meaning that any issues can be detected and rectified before they become too embedded.
You could say that the way I’m developing my Raspberry Pi Home Hub aligns with Agile. I’m completing a sprint (I’ll explain the jargon later) for each module. At the end of each increment I test the software to ensure it works. If I wanted to, I could release the software after completing any individual module and all of the features developed to date would be functional, even if there’s more to add later.
Roles within Agile
Again, you could get more complex with this, but at the core of Agile there are three primary roles:
- Product owner – This person is basically the boss. They sit at the top of the organisational pyramid, acting as a gateway between the project and external stakeholders.
- Scrum master – Sitting directly under the product owner, the scrum master manages day-to-day product development activities and handles project management administration.
- Development team – Where the magic happens. This is the group of people who have the technical know-how and get the actual product development work done.
You’re probably already forming an idea of how Agile development works based on the objectives and the people involved, but let’s take a look at the process in detail.
The Agile lifecycle
The Agile project management framework centres around sprints, which are two-to-four-week bursts of activity to implement specific product features from the project’s backlog.
First of all, there is a product backlog, which is a list of features the team wants to add to the product. When a feature is selected for implementation, it is described as a series of user stories from the user’s perspective (for example, “news screen” becomes, “As a user, I want to see the latest news on the Home Hub’s screen”). These are added to the sprint backlog, which must be cleared to complete the sprint.
As I mentioned, the sprint to implement the feature lasts between two and four weeks. During this time there is a daily stand-up directed by the scrum master where each team member gives an update on their progress, their targets, and anything preventing them from progressing. Once all of the user stories in the sprint backlog have been implemented, the sprint is complete.
At the end of the sprint, a sprint showcase is held, where stakeholders are invited to view the completed user stories from the sprint. Following this, the team conducts what is known as a retrospective. In simple terms, this just means that team members discuss the previous sprint to identify what went well, what didn’t, and any potential areas for improvement next time around.
At first glance, the Agile project management framework might look like a lot of unnecessary jargon (and in all honesty perhaps some of the terms could have been given clearer names), but having seen it in action first-hand on a series of projects I can say that it keeps teams focused, gets results, and is well worth familiarising yourself with as a cyber security professional.