Course Taxonomy: Enterprise & Product Agility

Implementing Site Reliability Engineering

Posted on October 17, 2020 by -

Part 1 – Introduction

1. Introduction

2. The Production Environment at Google, From the Viewpoint of an SRE

3. Exercise: Mapping Your Production Environment

Part 2 – Principles

1. Embracing Risk

  • Managing Risk
  • Measuring Service Risk
  • Risk Tolerance of Services
  • Motivation for Error Budgets

2. Service-Level Objectives

  • Service Level Terminology
  • Indicators in Practice
  • Objectives in Practice
  • Agreements in Practice
  • Exercise: Setting Service-Level Objectives

3. Eliminating Toil

  • What Is Toil?
  • Why Less Toil is Better
  • What Qualifies as Engineering?
  • Is Toil Always Bad?

4. Monitoring Distributed Systems

  • Definitions
  • Why Monitor?
  • Setting Reasonable Expectations
  • Symptoms Versus Causes
  • Black Box Versus White Box
  • The Four Golden Signals
  • Worrying About Your Tail
  • Choosing an Appropriate Resolution for Measurements
  • As Simple as Possible, No Simpler
  • Tying These Principles Together
  • Monitoring for the Long Term

5. The Evolution of Automation at Google

  • The Value of Automation
  • The Value for Google SRE
  • Use Cases for Automation
  • Automate Yourself Out of a Job
  • Soothing the Pain: Applying Automation to Cluster Turnups
  • Borg: Birth of the Warehouse-Scale Computer
  • Reliability is the Fundamental Feature

6. Release Engineering

  • The Role of a Release Engineer
  • Philosophy
  • Continuous Build and Deployment
  • Configuration Management

7. Simplicity

  • System Stability Versus Agility
  • The Virtue of Boring
  • I Won't Give Up My Code!
  • The "Negative Lines of Code" Metric
  • Minimal APIs
  • Modularity
  • Release Simplicity

Part 3 – Practices

1. Practical Alerting

  • Time-Series Monitoring Outside of Google
  • Instrumentation of Applications
  • Exporting Variables
  • Collection of Exported Data
  • Storage in the Time-Series Arena
  • Rule Evaluation
  • Alerting
  • Sharding the Monitoring Topology
  • Black-Box Monitoring
  • Maintaining the Configuration

2. Being On-Call

  • The Life of an On-Call Engineer
  • Balanced On-Call
  • Feeling Safe
  • Avoiding Inappropriate Operational Load

3. Effective Troubleshooting

  • Theory
  • In Practice
  • The Magic of Negative Results
  • Making Troubleshooting Easier
  • Exercise: Distributed System Troubleshooting

4. Emergency Response

  • What to Do When Systems Break
  • Test-Induced Emergency
  • Challenge-Induced Emergency
  • Process-Induced Emergency
  • Don't Repeat the Past—Learn From It

5. Managing Incidents

  • Unmanaged Incidents
  • Managed Incidents
  • When to Declare an Incident
  • Elements of Incident Management Process

6. Postmortem Culture: Learning from Failure

  • Google's Postmortem Philosophy
  • Collaborate and Share Knowledge
  • Introducing a Postmortem Culture
  • Exercise: Blameless Postmortem

7. Tracking Outages

  • Escalator
  • Outalator

8. Testing for Reliability

  • Types of Software Testing
  • Creating a Test and Build Environment
  • Testing at Scale

9. Software Engineering in SRE

  • Why is Software Engineering Within SRE Important?
  • Auxon Case Study
  • Intent-Based Capacity Planning
  • Fostering Software Engineering in SRE

10. Load Balancing at the Front End

  • Load Balancing Using DNS
  • Load Balancing at the Virtual IP Address

11. Load Balancing in the Datacenter

  • Identifying Bad Tasks: Flow Control and Lame Ducks
  • Limiting the Connections Pool with Subsetting
  • Load-Balancing Policies

12. Handling Overload

  • The Pitfalls of "Queries Per Second"
  • Per-Customer Limits
  • Client-Side Throttling
  • Criticality
  • Utilization Signals
  • Handling Overload Errors
  • Load from Connections

13. Addressing Cascading Failures

  • Causes of Cascading Failures and Designing to Avoid Them
  • Preventing Server Overload
  • Slow Startup and Cold Caching
  • Triggering Conditions for Cascading Failures
  • Testing for Cascading Failures
  • Immediate Steps to Address Cascading Failures

14. Managing Critical State: Distributed Consensus for Reliability

  • Motivating the Use of Consensus: Distributed Systems Coordination Failure
  • How Distributed Consensus Works
  • System Architecture Patterns for Distributed Consensus
  • Distributed Consensus Performance
  • Deploying Distributed Consensus-Based Systems

15. Distributed Periodic Scheduling with Cron

  • Cron Jobs and Idempotency
  • Cron at Large Scale
  • Building Cron at Google

16. Data Processing Pipelines

  • Origin of the Pipeline Design Pattern
  • Initial Effect of Big Data on the Simple Pipeline Pattern
  • Challenges with the Periodic Pipeline Pattern
  • Trouble Caused by Uneven Work Distribution
  • Drawbacks of Periodic Pipelines in Distributed Environments
  • Introduction to Google Workflow
  • Stages of Execution in Workflow
  • Ensuring Business Continuity

17. Data Integrity: What You Read Is What You Wrote

  • Data Integrity's Strict Requirements
  • Google SRE Objectives in Maintaining Data Integrity and Availability
  • How Google SRE Faces the Challenges of Data Integrity
  • 1T Versus 1E: Not "Just" a Bigger Backup
  • Knowing that Data Recovery Will Work
  • Case Studies
  • General Principles of SRE as Applied to Data Integrity

18. Reliable Product Launches at Scale

  • Launch Coordination Engineering
  • Setting Up a Launch Process
  • Developing a Launch Checklist
  • Selected Techniques for Reliable Launches
  • Development of LCE
  • Exercise: Develop a Production Readiness Review

Part 4 – Management

1. Accelerating SREs to On-Call and Beyond

  • You've Hired Your Next SRE, Now What?
  • Initial Learning Experiences: The Case for Structure Over Chaos
  • Creating Stellar Reverse Engineers and Improvisational Thinkers
  • Reverse Engineering a Production Service
  • Five Practices for Aspiring On-Callers
  • On-Call and Beyond: Rites of Passage and Practicing Continuing Education

2. Dealing with Interrupts

  • Managing Operational Load
  • Factors in Determining How Interrupts Are Handled
  • Imperfect Machines

3. Embedding an SRE to Recover from Operational Overload

  • Phase 1: Learn the Service and Get Context
  • Phase 2: Sharing Context
  • Phase 3: Driving Change

4. Communication and Collaboration in SRE

  • Communications: Production Meetings
  • Collaboration Within SRE
  • Case Study: Viceroy
  • Collaboration Outside SRE
  • Case Study: Migrating DFP to F1

5. The Evolving SRE Engagement Model

  • SRE Engagement: What, How, and Why
  • The PRR Model
  • The SRE Engagement Model
  • Production Readiness Reviews: Simple PRR Model
  • Evolving the Simple PRR Model: Early Engagement
  • Evolving Services Development: Frameworks and SRE Platform

Part 5 – Conclusions

1. Lessons Learned From Other Industries

2. Conclusion

Advanced Kubernetes Boot Camp

Posted on October 17, 2020 by -

Part 1: Core Concepts

We’ll go deep into different terms of Kubernetes to understand what it takes to build and run scalable systems in production. There are design patterns that you can implement in Kubernetes to extend an existing application without having to change the source code, like a sidecar pattern.

  1. Kubernetes architecture
  2. Imperative commands and descriptive manifests
  3. Pods, deployments, services, namespaces, DaemonSets
  4. Exercise: Working with Pods
  5. Exercise: Working with ReplicaSet
  6. Exercise: Working with Deployments
  7. Exercise: Working with Services
  8. Multi-containers
  9. Init containers
  10. Exercise: Working with StatefulSet
  11. Working with multiple clusters (kubeconfig)
  12. Kubernetes design patterns

Part 2: Networking in Kubernetes

Understanding how networking works in Kubernetes is important because it will help you to configure networking patterns like service discovery for a microservices architecture. But another concept that is taking more relevance are service meshes. We’ll explore what a service mesh is, and we’ll practice using one of the most popular ones: Istio.

  1. Ingress networking
  2. Exercise: Working with Ingress
  3. Networking policies
  4. Exercise: Working with Networking Policies
  5. What’s a service mesh?
  6. Introduction to Istio
  7. Observability with Istio
  8. Networking security with Istio
  9. Canary releases with Istio
  10. Exercise: Working with Istio

Part 3: Creating Scalable and Fault-Tolerant Applications

Kubernetes has a lot of great features built in by implementing the controller pattern. But in many cases, our applications need to include small configurations to help Kubernetes make better decisions to support reliable applications. We’ll see what changes are needed in the applications, and then we’ll deploy and test a sample application.

  1. Working with configuration
  2. Exercise: Working with ConfigMaps
  3. Working with probes
  4. Exercise: Working with Probes
  5. Configuring requests and limits
  6. Taints and tolerations
  7. Exercise: Working with Taints and Tolerations
  8. Node selectors
  9. Configuring scaling policies
  10. Exercise: Configuring scaling policies

Part 4: Development Workflow in Kubernetes

Kubernetes doesn’t have to change the way developers build applications, but they might want to be involved or test in their local workstations when they’re done with their application changes. We’ll discuss some recommended practices and tools.

  1. Packaging and managing applications with Helm
  2. Exercise: Working with Helm
  3. Continuous delivery in Kubernetes
  4. Exercise: Continuous Delivery with Flux
  5. Logging and monitoring systems
  6. Troubleshooting application failures
  7. Exercise: Troubleshooting Applications
  8. Development Toolbox: State of the art

Part 5: Developing Stateful Services

Stateless services are great for certain use cases, but there are scenarios where an application needs to be able to store data permanently, or at least work with data that is not ephemeral. Databases are one example.

  1. Understanding persistent volumes
  2. Exercise: Working with PV and PVC
  3. Backup and restore in Kubernetes
  4. Exercise: Backup and restore with Velero
  5. Databases in Kubernetes

Part 6: Security Practices and Recommendations

Kubernetes is not secure by default, and there are many considerations that you need to be aware of if before exposing your applications to the public internet. Companies usually have existing security policies, so we’ll cover how these security practices apply in a Kubernetes ecosystem.

  1. Authentication and Authorization
  2. Integration with AWS and IAM
  3. Docker image and pods security
  4. Pod Security Context and Policies
  5. Secrets encryption using KMS
  6. Exercise: Security in Kubernetes

Part 7: Extending the Kubernetes API

There are times where we need to extend the Kubernetes API to operate systems more easily. Not everyone will need to build something to extend the Kubernetes API, but it’s very valuable to understand the what, when, and how of custom resource definitions and the operator pattern.

  1. Custom Resource Definition (CRD)
  2. Custom Controllers
  3. Operator Pattern
  4. Operator Framework
  5. Exercise: Creating an Operator

Part 8: What’s Next for Kubernetes?

We’ll discuss other topics related to Kubernetes that might not fit everyone’s use cases, but that as a Kubernetes user you might want to be aware of. For instance, we’ll talk a little bit about having federated clusters, hybrid workloads, and several important tools from the CNCF.

SAFe® AI-Empowered Scrum Master (SAFe SSM)

Posted on October 17, 2020 by -

  • Lesson 1: Introducing Scrum in SAFe
    • Basic Agile development concepts
    • Scrum basics
    • The Agile Team in SAFe
  • Lesson 2: Characterizing the Role of the Scrum Master
    • Defining the role of the Scrum Master
    • Coaching execution with effective events
    • Cultivating high-performing teams
  • Lesson 3: Experiencing PI Planning
    • Preparing for PI Planning
    • PI Planning – Day One
    • PI Planning – Day Two
    • Final plan review and PI objectives
  • Lesson 4: Facilitating Iteration Execution
    • Plan the iteration
    • Track the iteration progress
    • Refine the backlog
    • Facilitate the Iteration Review
    • Facilitate relentless improvement
    • Support DevOps and Release on Demand
  • Lesson 5: Finishing the PI
    • Coach the IP iteration
    • Prepare the team for the Inspect & Adapt event
  • Lesson 6: AI for Scrum Masters
    • AI foundations and prompting
    • Responsible AI
    • Building an AI-augmented Scrum Master workflow

Managing Azure Infrastructure with Terraform

Posted on October 17, 2020 by -

Part 1: Infrastructure as Code

In this section, we will introduce the benefits that Infrastructure as Code (IaC) can bring to organizations and how IaC fits within modern DevOps best practices.

  1. DevOps and GitOps
  2. Principles of Infrastructure as Code
  3. Applying Infrastructure as Code in DevOps
  4. Infrastructure as Code best practices
  5. Benefits of Infrastructure as Code
  6. The case for Terraform

Part 2: Terraform Overview

This section provides an overview of Terraform concepts and vocabulary and instructs how Terraform manages infrastructure configuration in cloud environments.

  1. Terraform configuration language overview
  2. Terraform CLI
  3. The lifecycle of a configuration
  4. State storage – local versus remote
  5. Connecting to Azure

Hands-on Labs:

  • Setting up a Terraform project

Part 3: Azure Resources

In this section participants will be getting hands-on practice using Terraform to create a simple application environment in Azure, learning the essential constructs in Terraform for defining resources.

  1. Resource metadata and naming best practices
  2. Subscription and resource group
  3. Networking resources (VNet, subnet, network security group)
  4. Compute resources (virtual machine)
  5. Storage resources (storage account, file share, blob storage)
  6. Database resources (SQL database)
  7. Variables
  8. Outputs

Hands-on Labs:

  • Deploying a VNet
  • Adding a virtual machine into your VNet
  • Adding storage and a database
  • Including variables in your code
  • Using Terraform commands to validate and inspect your configuration

Part 4: Terraform Programming

This section introduces programming constructs within Terraform that enable you to add more control and flexibility in defining resources.

  1. Control operations (count, loops, conditional, depends_on, etc.)
  2. Data structures (maps, lists, random_string, etc.)
  3. Data sources
  4. Functions (e.g., lookup, coalesce, join, merge, etc.)
  5. Variable validation
  6. Debugging Terraform

Hands-on Labs:

  • Managing multiple resources through count and loops
  • Using maps and lists in your code
  • Using functions in your code
  • Using Terraform CLI and state manipulation to debug your configuration

Part 5: Modules

This section shows how modules can be used to create reusable components in Terraform and teaches best practices in organizing Terraform code.

  1. Purpose of modules
  2. Modules code file organization structure
  3. Module structure
  4. Module sources and versioning
  5. Nested modules
  6. Publishing modules

Hands-on Labs:

  • Refactoring your earlier lab code to a module
  • Using Azure modules (subscription, metadata, resource group, virtual network)

Part 6: Wrapping Up

This section wraps up the course with reviews to reinforce what you have learned.

  1. Reference material to learn more
  2. Course review
  3. Next steps

Cloud Strategy Boot Camp

Posted on October 17, 2020 by -

Part 1: Fundamentals of Cloud Computing

  1. Tenets of Cloud Computing
    • What makes something “cloud”?
    • The five tenets
    • Why the five tenets are so difficult in practice
    • The cloud mindset
  2. Cloud Deployment Models
    • Types of providers
      • Public
      • Private
      • Hybrid
    • Combining providers
      • Single
      • Multi-cloud
    • Choosing among provider types
    • Using cloud providers securely
  3. Cloud Service Models
    • Infrastructure as a service (IaaS)
    • Platform as a service (PaaS)
    • Software as a service (SaaS)
    • Serverless
  4. Communicating Your Cloud Journey
    • Share your cloud strategy
    • Don’t ignore the people side of strategy success
    • Stay connected regularly and be available
    • Expect challenges and doubters
    • Celebrate your successes and share lessons learned
    • Exercise: Develop a communications plan

Part 2: Cloud Strategy Overview

  1. What Is Cloud Strategy?
    • What it is (and isn’t)
    • Relation to other strategies and plans
    • Once you have one, now what?
  2. From Business Vision to Cloud Strategy
    • Desired business outcomes
    • Potential benefits
    • Potential risks
    • The rise of bimodal IT
    • Business-specific factors
    • Exercise: Align benefits and risks with desired outcomes
  3. Cloud Strategy Council
    • What is it?
    • Why do you need one?
    • Who’s on it?
  4. Services Model
    • Consume
    • Build
    • Broker
    • Hybrid Management
    • Exercise: Develop sample services model
  5. Financial Models
    • How pricing works for cloud services
    • Is cloud cheaper?
    • CapEx vs. OpEx
  6. Principles
    • Why principles matter
    • Common cloud principles
    • How to choose yours
    • Exercise: Select cloud principles for sample case
  7. Workload Inventory
    • The hard work of preparation
    • Exercise: Complete a sample workload inventory
  8. Establish Governance Model
    • Importance of cloud governance
    • Layers of governance
      • Enterprise architecture
      • Technical architecture
      • Application architecture
      • Data architecture
    • Risk and compliance
      • Legal compliance
      • Industry compliance
      • Internal policies
    • Cloud center of excellence
  9. Staffing, Resource, and Training Impacts
    • Assessment of roles needed and impacted
    • Evaluate corporate staffing and resource policies
    • Exercise: Complete a sample training plan
  10. Exit Strategy
    • Why it’s critical to have one
    • Contracts
    • Data ownership and retention
    • Potential risks and issues

Part 3: Beginning Cloud Adoption

  1. Cloud Adoption Framework
    • Assess
    • Perform
    • Extend
    • Improve
  2. Assess Your Cloud Readiness
    • Initiating your adoption planning
    • Conducting cloud readiness assessments inventorying
    • Interpreting readiness results
    • Moving from assessment to action plan
    • Exercise: Complete a sample readiness assessment
  3. Cloud Migration Decision Framework: The 6Rs
    • Replace
    • Refactor
    • Rehost
    • Retain
    • Retire
    • Replatform
    • Exercise:Apply cloud migration decision framework to a sample case
  4. Select Your First Cloud Service
    • Prioritize candidate services
      • Select candidates for your first cloud service
      • Assess service criticality of each candidate
      • Assess risk and benefit of each candidate
      • Decide on the first cloud service
    • Architect selected cloud service
      • Cloud native
      • 12 factor app methodology
      • LIFESPAR
      • Exercise: Rearchitect sample architecture for cloud migration
    • Evaluate cost and return
      • Maximize your cloud value
        • Avoid surprise bills
        • Use demand forecasting effectively
        • Trade off space and time to save money
        • Hit your uptime targets without breaking the bank
      • Assess benefits of cloud service
        • Operational efficiencies or agility
        • Changes in staffing and skill sets
          • Operations
          • Development
          • Security
        • Expected cost savings from infrastructure
        • Determine costs of cloud services
        • Assessing impact on staff resources
      • Compute cloud service costs
        • Throughput
        • Compute time
        • Scalability
        • Resiliency
      • Exercise: Estimate cost for sample architecture for public cloud providers

Part 4: Extending and Improving Adoption

  1. Assess Hybrid Operating Challenges
    • Development and testing
      • Development toolchain
      • Debugging in the cloud
      • Testing
    • Operations
      • The rise of SRE
      • Moving administration up the stack
      • Aligning cloud service monitoring and on-premises monitoring
      • Survey of SRE vendors and tools
    • Security
      • Incident and event management
      • Auditing
      • Policy enforcement
      • Penetration testing
      • Threat assessment and modeling
      • Vulnerability management
    • Identity and access controls
      • The continuum of identity from on-premises to IDaaS
      • Understand the benefits and trade-offs of IAM protocols
      • Identity as the new edge
      • The hidden costs of identity in SaaS
      • Survey of cloud IAM vendors
    • Environment management
      • Moving from on-premises environments to cloud environments
      • Hybrid environment challenges
    • Configuration management
      • Impact of cloud service models on configuration
      • Storing secrets securely
      • Managing secrets over time
      • Monitoring for drift
      • Survey of configuration management vendors and tools
    • Deployment and release management
      • A new philosophy of release management
      • Separating deployment from release
      • Monitor and recover from failed deployments
      • Data management
        • Implement proper security controls
        • Plan a successful data migration effort
        • Establish audit and traceability
        • Analysis and reporting from the cloud
          • Business continuity and disaster recovery
            • Evaluate business continuity procedures
            • Evaluate disaster recovery procedures
  1. Improve Cloud Adoption Practices
    • Conduct regular retrospectives
    • Improve automation
    • Manage workloads
    • Refine governance, security, and risk processes
    • Train and develop staff
    • Monitor cloud consumption
    • Perform ongoing security and risk assessments

 Part 5: Wrap Up

  1. Our Cloud Strategy Journey
  2. What To Do Now
  3. Final Thoughts

Registered Scrum@Scale Practitioner

Posted on October 17, 2020 by -

Scrum@Scale focuses on the organization as a whole, emphasizing how to optimize coordination with a “minimum viable bureaucracy.” You will learn the various components of the Scrum@Scale framework, such as scaled roles, scaled events, and enterprise artifacts.

Some concepts in the course include:

  • The elements of the Scrum Master Cycle (the “how” of Scrum), including concepts such as cross-team coordination, impediment removal, and the Executive Action Team
  • The elements of the Product Owner Cycle (the “why” of Scrum), including concepts such as strategic planning, release planning, and the Executive Meta Scrum
  • How these elements combine together to optimize organizational effectiveness
  • Where should you get started with your Scrum@Scale implementation

Once you understand how these elements can help transform your organization holistically, you can create a plan specifically tailored and prioritized to your situation. Implement what you’re ready for, building upon the elements of the framework over time.

DevSecOps Boot Camp

Posted on October 17, 2020 by -

Part 1: DevOps, Security, and DevSecOps: Definitions

1. DevOps

2. Security

3. Risk

4. Culture

5. Agility

6. Testing

7. Continuous Integration

8. Continuous Delivery

Part 2: Where do we start with security?

1. Risk review

2. Policy

3. Roles

4. Compliance, regulatory and GRC

5. The Pipeline Model

6. Exercise A: Value Stream Mapping

Part 3: Security as a DevOps practice

1. Traditional vs. “DevOps” security

2. Tools vs. processes

3. Security, not compliance

4. Prioritizing testing for risk

5. Reducing source code footprint

6. Static analysis for secure code

7. Feature toggles for security

  • Toggle points
  • Toggle router
  • Toggle configuration

8. DevSecOps and technical debt management

Part 4: DevSecOps and “requirements”

1. Designing for security

2. Assessing risk appetite

3. Modeling threats

4. Product architecture

5. Use cases, antipatterns, and abuse cases

6. Dataflows and trust boundaries

7. Exercise B: Threat Modeling

Part 5: Secure development patterns

1. Secure code overview

2. OWASP review

3. Tools for automating OWASP

  • OWASP dependency checkers
  • OWASP Zap during regular functional tests

4. Developer guidelines & checklists

5. Tools to use

6. Coding Standards (top 5 languages)

7. Common pitfalls

8. Identifying Unsafe Code

Part 6: Security Testing in the Pipeline

1. Testing before commit

2. Scanning for secrets

3. Hook examples

4. Application security testing

  • Static
  • Dynamic

5. Testing dependencies

6. How to treat manual testing

7. Performance Testing

  • Testing for load
  • Testing for stress
  • Soak tests
  • Spike testing

8. Testing in parallel

9. Staging

10. Mutation testing and tools for performing it

11. User role testing

Part 7: Identity and Access Management (IAM)

1. IAM overview

2. Identity profiles

3. Using IAM for automation

4. IAM practices in the cloud

5. IAM as an application building block

6. IAM antipatterns

7. Guided discussion: IAM in a Microservices use case

Part 8: Deployment patterns for security

1. Canary candidates

2. Dark launches

3. Streamlining libraries and dependencies

4. Keeping packages up to date

5. Keeping deploys repeatable and reliable

6. OpenSCAP for scanning baselines before and after deployments

7. Scanning web server configuration

8. Database exploitation through applications

9. Infrastructure scanning

  • OpenVAS
  • NMAP

10. Scanning web applications

  • W3AF
  • Wapiti

Part 9: DevSecOps and Operations

1. Where does Ops security begin and end?

2. Infrastructure as Secure Code

3. Incident response planning and emergency drills

4. Release Archives

5. OS Protections:

  • Address Space Layout Randomization
  • Non-Executable Stacks
  • W^X
  • Data Execution Prevention
  • SELinux

7. Monitoring, logging and intelligent alerts

  • Splunk mini-tour: A transformative tool for analyzing machine data, operational risk, and application health

8. Log management

9. Penetration Testing

10. Exercise C: Profiling a DevSecOps Hybrid model

Part 10: Policy, Governance, and Audit

1. GRC review

2. Coding for compliance

3. DevOps and the “segregation of duties”

4. Tooling example: Chef InSpec

5. Change management and policy

6. Exercise D: Automated vs. Manual, to comply with Audit requirements

Part 11: Change management and DevSecOps

1. Three types of “change”

2. When and why to use CAB boards

3. Peer review vs. change management

4. Automating change management

ITIL in 2020

Part 12: Measurement and metrics

1. The core toolkit of metrics

2. The best way to institute alerts

3. Managing alerts

4. Proactive vs. reactive metrics

5. Measurement antipatterns

Part 13: More advice on the cultural factors

1. Security fails and breakdowns

2. Incentive, fear, and reward

3. Getting outside IT

4. How to shift left

5. Building security in

6. Cost and the business case for proactive security

7. Overcoming conventions of the past

8. Bridging silos – why and how

9. Exercise E: Rearranging incentives

Part 14: Putting it all together

1. Class recap and final questions

2. What will you do differently when you return to work?

Entry Certificate in Business Analysis (ECBA) Certification Prep

Posted on October 17, 2020 by -

Part 1: Welcome to the class!

We'll start the ECBA™ Certification Prep Class with an overview of what the ECBA™ is, the process for applying, scheduling your test and, of course, passing it. We’ll review sample questions provided by the IIBA and how the test questions are distributed over the 6 Knowledge Areas, Competencies, and Techniques in the BABOK®. We will also provide a preview of the ECBA™ course content and our process for delivering a valuable learning experience.

Part 2: Business Analysis & Key Concepts Overview

Before we can focus on the BABOK®, we will need to cover critical foundational material on the topic of business analysis. We'll start by providing an overview, including common terms, concepts, techniques, and models that all business analysts must know to pass the ECBA™ examination. What is business analysis? Throughout this section, practice questions are reviewed.

  1. The role and competencies of the business analyst
  2. The Systems/Software Development Life Cycle (SDLC)
  3. Project & Requirements Life Cycle Management
  4. Requirements Engineering basics
  5. Levels of requirements, tool and techniques
  6. Perspectives, systems, processes, and actors

Part 3: The Business Analysis Knowledge Areas

At the heart of IIBA certification is high level knowledge of the BABOK®. In this section of the class, we'll dive appropriately into each Knowledge Area. As we cover each of these six subject-matter areas, we'll share the essential information you need to know for the ECBA™ examination. You'll come to understand the structure of the BABOK® and discover some practical tips for remembering what you need to know. And of course, the class will help you continue to increase your comfort and confidence with the examinations via realistic practice exercises throughout. Combined with the opportunity to discuss your questions, these activities will help you further refine your strengths and weaknesses with the material:

  1. Business Analysis Planning and Monitoring
  2. Elicitation & Collaboration
  3. Requirements Life Cycle Management
  4. Strategy Analysis
  5. Requirements Analysis & Design Definition
  6. Solution Evaluation

Part 4: Underlying Competencies

Having attained an appropriate understanding of the BABOK® Knowledge Areas, you must still understand and know critical business analysis fundamentals. This module takes a structured review of the underlying competencies you need to know for the ECBA™ certification:

  1. Analytical Thinking and Problem Solving
  2. Behavioral Characteristics
  3. Business Knowledge
  4. Communication Skills
  5. Interaction Skills
  6. Tools and Technology

Part 5: Techniques

A Business Analyst employs a variety of tools and techniques during a project to ensure successful results. Throughout the course, we will review the Tools & Techniques in the BABOK® so that you have sufficient knowledge to respond to questions on the test:

  1. Elicitation & Collaboration techniques
  2. Diagramming and modeling techniques
  3. Root cause analysis techniques
  4. Acceptance and evaluation definition techniques
  5. Post-project assessment techniques

Part 6: A Guide to Success on the Exams

At the end of this one day course, you will be provided a few final tips to improve your examination experience. In this final section, you'll get our best tips and have the opportunity to practice with a sample examination on your own. The Study Guide provides practice test questions with answers and BABOK® references.  

  1. Recommendations for next steps
  2. Key tips to remember for the exam
  3. Final test hints
  4. Practice examination

Design Thinking Boot Camp

Posted on October 17, 2020 by -

Part 1: Introduction – What do we mean by design…and what are we thinking?

  1. Design thinking overview
  2. How structure and process apply to creativity
  3. The need to solve problems
  4. Types of problems, types of solutions
  5. Components of design thinking
  6. Human centrism: The importance of your users, customers, & consumers

Exercise: Who has the problem? Defining the user or customer

Part 2: Framing Problems

  1. What’s the problem, really?
  2. Discovering problems
  3. Technology problems and products
  4. OODA loops and backlogs
  5. Distinguishing symptoms, problems, and root causes
  6. Refining problem definition
  7. Repeatably finding “a-ha” moments

Exercise: Select a problem candidate

Exercise: Root cause analysis for isolating and defining a specific problem

Part 3: Divergent Ideation

  1. What is divergent thinking?
  2. Generating raw material
  3. Iterating on divergence
  4. Your north star: Human-centric solutions
  5. Using divergence to refine the problem space

Group exercise: Rapid ideation

Part 4: Convergent Ideation

  1. What is convergent thinking?
  2. Refinement and synthesis
  3. Defining a future state for solution paths
  4. Selecting solution candidates

Exercise: Revisiting your user persona and choosing the solution

Part 5: Testing Solution Candidates

  1. Agility overview
  2. Advice on prototyping
  3. How to prototype rapidly
  4. Collecting data
  5. Variables
  6. Rapid testing
  7. Iterating on tests

Exercise: Modeling a testing cycle and group critique

Part 6: Iterating on Solutions

  1. The feedback cycle
  2. Agile practices for iteration
  3. Measuring value
  4. OODA loops again
  5. Evolving solutions

Exercise: Walking through the iteration

Part 7: Teaming for Design and Solution Building

  1. Applying design thinking in the typical enterprise
  2. Product, service, system, or solution?
  3. Teams in the problem space
  4. Design collaboration
  5. Prioritizing the design portfolio

Part 8: Obstacles to Design Thinking in Organizations

  1. Cultural obstacles
  2. Overcoming silos
  3. Defining value correctly
  4. Keeping human qualities at the center of the design
  5. Applying design thinking to non-traditional roles
  6. Engineering hurdles
  7. The challenge of scale

Exercise: Preparing for scalability challenges and transitioning from discovery to delivery

Part 9: Class Conclusion – Charting Your Course

  1. Expert Q&A
  2. Discussion: Is your solution useful?
  3. Your action items when the class is over

ICAgile Team Facilitation (ICP-ATF)

Posted on October 17, 2020 by -

Part 1: Welcome, Introductions, and Course Logistics

A Team Facilitator is someone who helps a group identify common objectives and then offers group processes to achieve defined outcomes. A skilled facilitator consciously embodies self-awareness, self-management, and bias management, while conveying openness and enthusiasm. An Agile Team Facilitator (ATF) is about more than just meetings. An ATF facilitates participation, collaboration, engagement, and team growth.

  1. Introductions and Housekeeping
  2. Course Objectives and Agenda
  3. ICAgile Certification Overview

Part 2: Development Path for Agile Coaching

The Agile Team Facilitator is on the development path to becoming an Agile Coach. To be effective, the Agile Coaching path requires that we take our development one step at a time, obtaining competence at each step along the way. We will review the development path and transition from Agile Team Facilitator to Agile Coach.

  1. Development Path for Agile Team Facilitators
  2. Competencies of an Agile Coach
  3. Your Extended Team
  4. Knowing When to Call on Help

Part 3: The Agile Team Facilitator Mindset

Becoming an Agile Team Facilitator requires a certain mindset to lead and serve the team. Learn the mindset required for the Agile Team Facilitator and gain an understanding of the paradigm shift that must occur to be successful in this collaborative environment. Understand how the Agile Team Facilitator is a role model for the team by exemplifying the Agile principles. Review the strategies required to be a servant leader and models for achieving self-awareness.

  1. What is an Agile Team Facilitator
  2. Team Facilitator Guiding Principles
  3. Agile Team Facilitator Mindset
  4. Self-Awareness/Self-Management
  5. Servant Leadership

Part 4: Foundational Facilitation Skills

One of the essential skills for the Agile Team Facilitator is helping teams identify and achieve common objectives. The ATF facilitates the team events to ensure they are productive and move the team forward. This starts with understanding the purpose and expected outcomes of the various team events. A flow must be created to achieve those goals and ensure participation.

  1. Arc of Facilitation
  2. Understanding Purpose
  3. Gather Planning and Design Information
  4. Designing Meeting Flow for Collaboration

Part 5: Conducting a Facilitated Session

When facilitating a session, the facilitator is the holder of the process and the team holds the content. The facilitator must maintain neutrality to not unduly influence team decisions. They must make sure that the event is organized to encourage collaboration. This includes the physical setup, meeting organization tools, and driving collaborative conversations.

  1. Maintaining Neutrality
  2. Using Meeting Organization Tools and Interactive Facilitation Techniques
  3. Facilitating Collaborative Conversations and Team Decision-Making
  4. Managing Dysfunctional Behaviors
  5. Reading the Room and Capturing Information

Part 6: Facilitating Collaborative Meetings

Facilitating typical Agile framework meetings is a requirement for the Agile Team Facilitator. We must plan these events and keep them engaging. To do so, the ATF must understand the purpose and underlying principles and values of the ceremonies. In this section, we will go through the ceremonies for an agile framework and design meetings to facilitate achievement of the desired outcomes. We will specifically design common sessions such as Retrospectives and Daily Stand-Ups. We will also look at the design of other key ceremonies.

  1. Agile Framework Meetings
  2. Facilitating Retrospectives and Daily Stand-Ups
  3. Facilitating Other Agile Meetings

Part 7: Skillfully Facilitating Agile Practices

Teams will move in and out of patterns of behavior. The ATF needs to recognize team patterns and know when a team may need more, or less, intervention. We will look at how our styles need to change based on the team current state of knowledge and self-sufficiency.

  1. Team Levels of Maturity
  2. Changing Style Based on Team Phase
  3. Levels of Team Intervention

Part 8: Active Facilitation

This section is devoted to putting our training into action! The ability to neutrally facilitate a session must be practiced. Attendees will have an opportunity to design and facilitate a team session based on scenarios from agile framework meetings.

  1. Design an Agile Meeting
  2. Facilitate an Agile Practice
  3. Give and Receive Feedback

Part 9: Summary

Summarize key takeaways from the course and pull it all together.

  1. Review Facilitation Tools
  2. Review ICAgile Learning Objectives and Video
  3. Survey Information