Agile Scaling Round-up

This week’s Auspicious Agile video blog takes a look at an updated set of Agile scaling methods.  There is coverage from VersionOne’s 11th Annual State of Agile Survey, which provides some good perspective.  Methods covered included SAFe, Scum-of-Scrums, LESS, RAGE, Disciplined 2.0 and many more (believe me there are allot).

Support the Auspicious Agile blog by shopping on Amazon using the links below!

Here are a few resources associated with this week’s blog post (Affiliate):

Tagged with: , , , , , , , , , ,
Posted in Agile, Agile Adoption, agile enterprise, Agile Framework, agile methodology, Agile Scaling, Aikido, Business Agility, Kaizen, Large Scale Scrum (LESS), lean, Martial Arts, NEXUS, Portfolio, Product, SAFe, Scrum, Scrum of Scrums, Shu-Ha-Ri, Spotify

Agile Product Development in Distributed Teams

Our team’s latest InfoQ article on Agile Product Development for Distributed Teams.

Screen Shot 2017-04-08 at 11.45.07 AM

Support Auspicious Agile by shopping on Amazon using the links below!

Tagged with: , , ,
Posted in Agile, Agile Adoption, agile business, Agile Teams, Collaboration, Distributed Agile, Distributed Teams, InfoQ, Innovation, Scrum

Taking a Look at Modern Agile

This week’s Auspicious Agile video blog takes a look at Modern Agile created by Joshua Kerievsky.  Modern Agile goes beyond software development and applies to areas as broad as HR, Business Strategy, Product Development, and many more.

Support the Auspicious Agile blog by shopping on Amazon using the link below!

Books referenced in the video blog:


Tagged with: , , , , ,
Posted in Agile, Agile Adoption, Agile Framework, agile manifesto, agile methodology, Agile Teams, Design Thinking, Ethnography, kanban, Modern Agile, Product, Scrum, Transformation Design

New Distributed Agile Framework

I am working on a new Distributed Agile Framework with my team mates Hugo Messer, Savita Pahuja, and Arjan Franzen. Our latest post can be found on InfoQ. We welcome feedback and comments on the framework draft that we can incorporate as we iterate on our next version.



Tagged with: , , , , , , ,
Posted in Agile, Agile Framework, agile manifesto, agile methodology, Agile Scaling, Agile Teams, Business Agility, Collaboration, Communication, Distributed Agile, InfoQ, Kaizen, Large Scale Scrum (LESS), Leadership, lean, SAFe, Scrum

DevSecOps Putting Security at the Heart of DevOps

DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore will both take place in February, and point to the trend toward merging DevOps and security, a combination called DevSecOps.

DevSecOps – the combination of DevOps and Security (or SecOps) – is a new trend making its presence known across the internet, industry and conferences.  With DevSecOps RSA Conference 2017 in San Francisco and DevSecCon in Singapore coming up in February 2017 we take a closer look at this new trend.

DevSecOps puts security squarely in the middle of DevOps.  No longer treating security as an afterthought, or as a one time review in a traditional or waterfall project context.  So what is DevSecOps? says that “The mindset established by DevSecOps lends itself to a cooperative system whereby business operators are supplied with tools and processes that help with security decision making along with security staff that enable use and tuning for these tools.”  

The DevSecOps Manifesto defines:

  • Leaning in over always saying “no”
  • Data & security science over fear, uncertainty and doubt
  • Open contribution & collaboration over security-only requirements
  • Consumable security services with APIs over mandated security controls & paperwork
  • Business driven security scores over rubber stamp security
  • Red & blue team exploit testing over relying on scans & theoretical vulnerabilities
  • 24×7 proactive security monitoring over reacting after being informed of an incident
  • Shared threat intelligence over keeping info to ourselves
  • Compliance operations over clipboards & checklists

Shannon Lietz of also offers five foundational principles of DevSecOps:

  1. Customer focused mindset
  2. Scale, scale, scale
  3. Objective criteria
  4. Proactive hunting
  5. Continuous detection and response

Are practitioners and voices across the internet and social media supportive of DevSecOps?  Here are some of the opinions about DevSecOps:

According to contributor Tim Prendergast security professionals are now becoming viewed more as peers than simply approvers at the end of a project.  This is giving security professionals a seat at the table so that security can be more proactively addressed by teams.

CSOOnline looks at the variations of DevSecOps found in the wild – SecDevOps, DevOpsSec.  Jamie Tischart of CSOOnline likes the SecDevOps variation better as it “puts security first”.  CSOOnline has this to say about DevSecOps:

“The last one is DevSecOps. Literally, you can expand this to completing development, then reviewing and automating for security, and then deploying and operating. This articulation hopes to catch the security concerns before they are deployed to the world but are not as incorporated into the overall process as SecDevOps. Certainly DevSecOps has the benefit of focusing on security before introducing a vulnerability to the the wild, but it is not security-focused in every activity.”

TechBeacon also speaks to the many names which apply with the addition of names like rugged DevOps.  Chris Romeo in his TechBeacon article speaks of a perceived need for a standard name.

“This gives us a hint as to the disconnect that exists within security in DevOps. It’s still the wild west. There is no standard that defines security for DevOps, and the chances of a standard ever developing is small because different organizations are doing things their own way, and can’t even agree on a standard name. And while there is a standard for the secure development lifecycle (ISO/IEC 27034-1), few organizations are ever validated against it .”

In his Sonatype blog Derek Weeks posits that there is strong evidence that DevSecOps has picked up significant momentum in 2016.  Derek points to the November 2016 Gartner release of its report on DevSecOps.  Gartner’s inclusion of DevSecOps indicates that the trend is becoming mainstream, as Gartner’s focus is on mainstream technology topics and not early adoption topics.

Other voices in the conversation on DevSecOps range from private sector, to the open source Community with many conferences.  In the private sector HP notes that the inclusion of security into DevOps is a hot topic.  HP notes that the different terminology indicates that security is an addition to DevOps rather than an integral part of it (at least in the current state).

In the open source community there are multiple meetups on DevSecOps including one in Singapore and another in the US in San Diego.  The Singapore meetup description indicates that:

“DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it.”

The DevSecOps Dojo is another location on the Web for updates on what is happening in the world of DevSecOps including article updates and a DevSecOps Twitter feed.
A range of several recent (and upcoming) conferences also show how pervasive DevSecOps has become.  DevSecOps RSA Conference 2017 has support from, Sonatype, and RSA Conference. A previous DevSecCon recently took place in London, and will be held for the first time in Asia in February.  DevSecOps was also a featured topic at the recent 2016 IT Expo London.

Support the Auspicious Agile blog by shopping on Amazon using the link below!

A useful reference on DevOps is the Phoenix Project by Gene Kim –


Tagged with: , , , ,
Posted in Agile, Cyber Security, DevOps, DevSecOps Manifesto, News, Security, Toolchain, Uncategorized

Agile and The Design Sprint

Agile and The Design Sprint – This week’s Auspicious Agile video blog takes a look at the Google Ventures Design Sprint. We cover several applications including Venture Capital, Innovation Labs, Hackathons, and Agile Product Teams.

Support the Auspicious Agile blog by shopping on Amazon using the links below!

Google Ventures Design Sprint –


The “Time Timer” used in Google Design Sprints can be found here.


Also useful for Design Thinking and Design Sprints – white board wall sticker:

Tagged with: , , , , , , , , ,
Posted in Agile, agile methodology, Agile Teams, Design, Design Sprint, Design Thinking, Disruption, Entrepreneurship, Ideate, Innovation, Large Scale Scrum (LESS), lean, lean startup, Learning, Product, Prototyping, SAFe, Scrum, Software Development, Venture Capital

My Latest InfoQ News Piece – DevOps Deis Helm Release for Kubernetes


Deis Helm Major Release Improves Kubernetes Usability


Tagged with: , , , , ,
Posted in DevOps, InfoQ, Kubernetes, News, Toolchain
%d bloggers like this: