monthly. These frequent iterations effectively measure progress, reduce technical and programmatic risk, and respond to feedback and changes more quickly than traditional methods. Programs can adopt an Agile Approach Agile represents a radical shift from industrial age processes to a modern management and development approach suited to the digital age. Agile practices help to make progress and information. However, Agile is not a panacea: it does not promise to solve all IT and program management problems, and may not be appropriate for use in all cases. Even successful adoption of Agile practices

objectives. When combined with Agile and Lean practices, this approach can focus IT planning, reduce risk, eliminate waste, and provide a supportive environment for teams engaged in creating value. If you month, you can find the handout for Part 2 on the Agile4Defense GitHub page at: https://git.io/JeaO2 Risk The presence of uncertainty is the simple reason why Agile approaches work better than plan-driven business value by adopting an intelligent attitude toward risk. Risk is the chance of a negative impact resulting from uncertainty. We can reduce risk—often at a cost —but there is generally no way to eliminate

time through incremental investments.  Managing the EA asset is an art, just as all strategic management is an art. Just as the CMO must sense market opportunities, weigh tactics for communicating with of custom-developing systems that preserve many of the advantages of buying off the shelf.  The risk of developing a system incrementally and altering it based on user feedback is often lower than that away by frameworks and design patterns. Incremental delivery and staged investments reduce cost and risk.  Custom code is almost not custom these days. A developer incorporates open source frameworks

information is evaluated and debated; more similar to R&D lab. f. REDEFINE FAILURE AND ENCOURAGE CALCULATED RISK-TAKING i. Leaders reinforce the culture through their actions ii. Roy Rappaport, Netflix – a single testing efforts – Part 6: The Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security goals guidance as early as possible ii. Awareness and involvement provides better business context for risk-based decisions d. INTEGRATE SECURITY INTO DEFECT TRACKING AND POST-MORTEMS i. Track all open security

substitute for the outdated project view in my vision for what IT leadership must become. Uncertainty and Risk: Third, underlying all of these changes – all of the problems with plan-drive approaches, all of confusion about how to deal with uncertainty and risk. What I call the “contractor-control paradigm” – is really about trying to make risk go away, when risk really the essence of what we do. Complex Adaptive seek feedback on its work? How will it solicit feedback and guidance from management? How frequently will it engage management? I want to make sure that we have an understanding on how my input and feedback

forces a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System and Process to Increase Quality of Our Current Work a. Goal – enable Development and Operations to reduce risk before production changes are made. Keep the reviews and approvals close to those whom are knowledgeable control failure – seems valid since we can imagine better control practices could have detected the risk earlier prevent the issue or could have taken steps to detect and recover faster 2. Accident due

& practicing continuous integration & testing iv. Automating, enabling, and architecting for low-risk releases b. Integrating objectives of QA & Operations to improve outcomes 2. Ch. 9 – Create the and even higher job satisfaction and lower rates of burnout. 5. Ch. 12 Automate and Enable Low-Risk Releases a. Just like we reduce batch size and increase frequency of feedback during development control needs separate Operations groups have emerged ii. Widely accepted practice to “reduce the risk of production outages and fraud” iii. DevOps goal – shift reliance from separate groups to other

POWERFUL QUESTION What else? POWERFUL QUESTION What is at risk? POWERFUL QUESTION What is important about that? POWERFUL QUESTION What might ‘help’ look like? Sources: Coaches Training Institute

have nothing to fear. Any Leader needs to be brave enough to allocate teams to do some calcuated risk- taking.” 8. Ch. 6 Understanding the Work in Our Value Stream, Making it Visible, and Expanding it

in Software Engineering Mike Ballou“There is no single development, in either technology or management technique, which by itself promises even one order-of- magnitude improvement within a decade abstract away its complexity often abstract away its essence • Not only technical problems but management problems as well comes from the complexity • It creates the tremendous learning and understanding I can help them I need…” • to Containerize the software, but to run that I need… • a Container Management Platform, but to network it I need… • a Service Mesh, but to secure it I need… • an automated Certificate