Disciplined Agile Applied

Herb Kelleher's missive “hire for attitude, train for skills" is becoming more and more relevant as time passes. Kelleher, one of the founders of Southwest Airlines in the United States, believed in hiring good people and then supporting their learning journeys over time.  This is in stark contrast to the "gig economy" where you hire people with the skills to perform a specific job for a specified period to time so as to fill an immediate need.  Both are valid strategies in the right situation, but in this blog I'd like to explore Kelleher's philosophy.

Here are three important questions we need to answer about the "hire for attitude, train for skills" strategy if we're going to make it work in practice.  In particular, how do you identify:

• Where your skills are deficient?
• The skills that you need to focus on right now?
• Topics to begin exploring now so as to prepare for the future?

Identifying Where Your Skills Are Deficient

This can be easier said than done.  Some organizations will have a robust People Management, often called Human Resources (HR), strategy in place that actively helps people to develop and then execute on a personalized learning journey. This is great if you have access to such a program, but even when you do there is still the challenge of identifying the skills and knowledge that you need to learn. Sometimes this is obvious, particularly if your organization already has strengths in the areas where you are currently weak, but not so obvious when a topic is relatively new to your organization or is rapidly evolving.

For example, let's assume that you're in a technical position on a solution delivery team and you need to expand your skillset around cybersecurity.  Unfortunately, you don't have easy access to someone with security expertise who would be able to guide you through how to learn more about security.  You could search online for some information, but what would you search for?  How can you tell which of the thousands of results you should focus on? A better option would be to start with the Disciplined Agile (DA) tool kit to see what it suggests regarding this topic so as to get you going in the right direction. 

Figure 1 shows two decision points, and their associated options, from the goal diagram for Disciplined Agile (DA) security process blade. Although there are many other decision points to consider, as you can see in Figure 2, let's focus for now on two that are directly pertinent to software developers: secure applications and secure data. You can see that there are several options that your team could adopt to develop secure applications, one of which, code review, you're familiar with but the rest you are not. At least now you have a short list of topics that you could explore in greater detail, narrowing your challenge down to something that is more manageable.  

Figure 1. Two decision points of the security process blade (click to enlarge).

Figure 2. The security process goal diagram (click to enlarge).

There is a much longer list of data security strategies provided, in fact this list is a bit daunting, because of the greater complexity of this aspect of cybersecurity. Quickly looking at the names it sounds as of many of the techniques are likely the responsibility of your data management team, although several sound as if they're more applicable for the solution delivery team that you're on.  In this case you decide to reach out to a friend on the data team to get their advice on where you should focus.

Identifying The Skills to Focus on Now

This decision is driven by the needs of your situation, the availability of options to gain the skill (training, coaching, and so on), and your preferences.  For example, if your team has an immediate need to improve their automated testing around security then learning about static code analysis techniques and tooling is likely what you need to focus on right now.  This may be quickly followed by learning about the other application security techniques in Figure 1.

Identify the Topics to Begin Exploring Now to Prepare for the Future

Many skills can't be learned quickly, or more accurately you need to understand the fundamentals of some topics before you can gain specific skills in them.  Once again, let's consider security.  It was a very big assumption on my part that you would have the background required to learn about static code analysis, penetration testing, or other application security strategies. What if you have very little knowledge about security or testing? Diving deeply into a specific skill likely isn't going to work out well in this case, your first step before doing so is to learn some fundamentals.  But how do you do that?

Luckily there is a lot more to the DA tool kit than just lists of techniques. When we describe process blades we work through four views:

1. People. There are specialized roles, and responsibilities for those roles, associated with each process blade. For example, the asset management process blade describes the roles of asset manager and asset engineer whereas data management has roles such as data manager and database administrator.
2. Mindset. The Disciplined Agile Mindset describes the principles, promises, and guidelines necessary for enterprise agility.  Each blade extends the DA Mindset with a collection of philosophies specific to that process area.  For example, Figure 3 overviews the mindset for disciplined agile vendor management.
3. Flow. Disciplined Agile captures the flow of work in several ways, including life cycles, the DA FLEX value stream, and work process flows. For example, Figure 4 depicts a context diagram which overviews the high-level flow of disciplined agile research & development and Figure 5 shows the internal workflow of disciplined agile asset management.
4. Practices. Practices are captured via goal diagrams such as the one for security in Figure 2 and described in tabular format, which you can read via the DA Browser.

Figure 3. The mindset of vendor management (click to enlarge).

Figure 4. The external workflow of research & development (click to enlarge).

Figure 5. The internal workflow of asset management (click to enlarge).

We Need to Learn Continuously

Given the rapid pace of change within our current environment, many skills appear to have a short shelf life. The implication is that you want to know how to identify skills that are relevant now for the situation that you face and then pick those skills up quickly.  You've seen in this blog that the Disciplined Agile tool kit can help you with identifying the skills to learn.