Andi Azzolina

Merriam Webster defines the term “agile” as “marked by the ready ability to move with quick easy grace.” The term “agile” was popularized in business by the “Agile Manifesto for Software Development” issued in 2001. Since then, the agile movement has exploded as companies rush to “agile” as the cure for a wide range of business challenges and IT teams garner significant investments promising that agile is the answer to IT’s inability to deliver at the speed the business demands. But are these efforts yielding the promised results?

I’ve seen agile succeed in small IT organizations and large ones but I’ve also seen an equal number that have faltered or failed. Some of the reasons these programs struggle is not setting them up properly to begin with. Here are some tips for getting it right:

1. Invest in change management:  Most established IT organizations have ingrained methodologies for delivery. By nature, people fall back on what they know. Agile is as much a mindset change as it is a methodology and changing mindsets and behavior is hard. Agile requires strong commitment and leadership from the top, and a plan for tackling the significant organizational change that adopting an agile mindset requires.
2. Emphasize delivery over speed:  The term “agile” itself is a bit of a misnomer as the word itself focuses on “speed.” However, the emphasis in agile should not be on speed but on delivery or shipping feature or products. I’ve seen teams spend days planning 2-3 week sprints and fail to ship any tangible deliverables or work in the planned sprint. The point with agile is to deliver small measurable incremental chunks of work – failing to organize the work into bite size chunks that can be delivered and measured is an important factor in agile’s success.
3. Invest in people, process and technology:  Implementing agile requires setting up the people, process and technology for success. Here are the most common misconceptions I’ve seen around agile that lead to underinvestment:

Misconception #1: Agile teams can manage themselves

Leaders often have an expectation that agile team members will actively engage with the process by both contributing to and volunteering for tasks on their own. In reality, this works if you have a strong agile lead or coach and a mature and high-functioning team. Most IT teams are used to a more directive culture and will not naturally sign up for tasks or contribute. This behavior must be taught, encouraged, modeled and rewarded – it doesn’t happen naturally.

Misconception #2: Agile doesn’t require planning

Technologists love agile because of the misconception that it requires less planning. When done right, agile actually requires more granular, daily planning, task estimation, communication and measures of accountability. Without the right mindset, lead or coach and the ability to track and monitor task estimates and measure productivity, agile will fail to deliver.

Misconception #3: Implementing an agile “tool” will enable the process

Another misconception is that agile software tools are the cure-all for fixing the people and process issues. Many of software tools used to support agile are time-consuming and cumbersome to use and are perceived as a burden rather than an enabler of work. A good tool built on a lightweight simple process will enable agile teams to easily triage, communicate and facilitate work.  This will also insure that the tool is used throughout the day to manage work. This requires setting up the tools with a smart lightweight process that all team members can get behind.

• Define measures of success:  Agile requires fine grained estimation on the “incremental parts” that are being delivered in a sprint and it requires evaluating the estimator’s accuracy. Gathering data on the accuracy of estimation to actuals allows for the refinement of planning going forward which facilitates greater predictability of delivery.
• Include the business in all aspects of agile delivery: Agile requires the involvement of the business in all aspects of delivery. Many IT organizations think agile is “an IT thing” and have the misconception that agile can work without the inclusion of the business or users. In reality, the close partnership between end users and developers means there is constant feedback and “iterations” and there won’t be any last-minute surprises.

Finally, agile is no magic bullet. It’s a methodology and a process for delivery that takes time, focus, dedication, and most importantly flexibility (agility!) in tweaking the process over time until it works.

The market upheaval caused by the pandemic, supply chain issues, climate change, war and general mistrust in governments means new opportunities for cybercriminals. While most of us have been busy trying to navigate the new world of work, cybercriminals have been busy cooking up new schemes to trick, threaten and defraud corporations around the globe.

Companies have taken notice and continue to increase their cybersecurity spending. According to PwC’s Global Digital Trust Insights Survey 2022, “investments continue to pour into cybersecurity” with 69% of responding organizations predicting a rise in their cyber spending for 2022, yet are these investments being used wisely and efficiently?

The CISO’s job of identifying risk and advocating for stronger protections adds work for IT teams and can instill fear in the boardroom, making the CISO an adversary to some and a necessary evil to others. Meanwhile, CIOs face pressure to deliver on digital transformation, improved customer experience and innovation at record speeds. It’s understandable that the CISO can be viewed as a roadblock to other IT teams (which is made worse when egos are involved).

But it doesn’t need to be this way — here are three ways CIOs and CISOs can work together to maximize investments, increase efficiency, reduce risk and improve time to market.

1. Embed security best-practices into all IT processes: By embedding security into all IT delivery processes (ITSM, SDLC, DevOps, etc.), this ensures the delivery of secure products and prevents costly rework later. This also support’s IT’s need for delivering stable and secure products while reducing support costs due to outages.
2. Implement a shared monitoring capability: IT monitors systems for uptime and stability while cyber monitors for intrusion and security incidents. There’s plenty of overlap in the data and log files required for both functions. While this may not work in all organizations, many organizations have realized synergies from a combined function that supports both operational stability and cybersecurity. Not only does a combined function save saving money on hardware, software, storage and labor, it enables better visibility, communication and coordination across functions and provides analysts with more context for their work (making the often-mundane job of monitoring more interesting and rewarding).
3. Share data, data platforms and AI capabilities and talent: Another area where IT and cyber teams can achieve efficiency is around data platforms. IT teams typically have dedicated data teams and decades of experience building, implementing, and supporting analytical and real-time data and integration platforms that provide the foundation for advanced analytics and artificial or augmented intelligence. These tools and skills are easily transferable to cyber use cases. Moreover, many cyber professionals landed in cyber with a background in infrastructure and networking and lack the experience and know-how required to build and support data, integration and advanced analytics capabilities. CISOs and CIOs would be wise to team up on data platforms and the skilled labor often missing on cyber teams.

By finding common ground, overlapping capabilities and synergies, cyber and other IT teams can work together to enable better, more stable, and secure solutions while creating efficiencies and cost savings for the enterprise.