Software engineering best practices from Agile, DevSecOps, and Human Centric Design
By Mark Wells, VP DevSecOps Center of Excellence
The common model for any methodology used today in the information technology marketplace is based on people, processes, and technology. But within that model live best practices that ensure the methodology delivers the business value expected by stakeholders. To meet that expectation of value, those practices rely heavily on Agile, DevOps/DevSecOps, and Human-Centric Design (HCD).
So, what specific practices best serve the need to deliver business value? The answers lie in how we manage people, processes, and technology. In this part of our series, we’ll discuss people as the foundation for creating business value. As Software Engineering is first and foremost a function of work performed by people, we must concentrate on those practices which center around the staff of Agile teams. Following are the top five best practices that focus on the people who develop the software enabling mission success.
1. Create cross-functional teams
A primary goal of Agile and DevSecOps is to create cross-functional, self-managed development teams. Therefore, we need engineers and developers who have a diverse set of talents and skills that allows for deep and wide capabilities across teams. Sometimes called T-Shaped, the reality is an Agile Team is best served by what is called Comb-Shaped Full Stack Developers (broad experience and knowledge across numerous technical specialties, not just one). By having team members who have this diversity of skill, the result is cross-functional capability that allows staff to fulfill each position, role, and responsibility within or across teams supporting dynamic resource allocation of talent as needed depending on the requirements of the work planned. So, for example, if a tester is out sick or on leave, another developer can take on that role without loss of time, and the Agile sprint iteration can be accomplished as planned.
2. Foster team autonomy
The other advantage of using more skilled Comb-Shaped developers is the ability to create Autonomous Teams. Agile practices drive towards teams that can self- manage and determine work effort that impacts sprint planning and delivery of business value. Highly skilled developers understand the requirements of specialized work resulting in productive, empowered teams who define the priorities of tasks cooperatively without the need for micro-management or authoritative direction. They intuitively know what to do.
3. Nurture and grow the team
We also need to ensure teams can improve and mature with time even as new staff are brought onto teams. Paired Programming provides that opportunity. Not every team can be staffed by the best Full Stack engineers all the time, and it is always important to have more than one set of eyes on any work completed as a part of a code review. Paired Programming works to satisfy these needs. With Paired Programming, more junior developers can be brought onto teams and work with senior engineers who impart skill and knowledge at a greater level of success than classroom education. This allows for junior developers to build the necessary experience to become Full- Stack engineers more quickly and at less of a cost to the productivity of a team. It also reduces training expense. Sometimes, one of the best practices for building strong, self-guided, productive Agile teams is to grow your own.
4. Consider additional roles
One other aspect of good Agile practices is to allow team members to serve different roles within the team, exposing them to a complete set of practices that results in greater process maturity. Besides the common roles (Developer, Tester, DevOps Engineer, Scrum Master, and Product Owner) we use two other roles to best manage the DevSecOps process. These are Build Boss and Release Captain. They are fairly straight forward roles. The Build Boss is in charge of Continuous Integration (i.e., Jenkins, GitLab) making sure build policies, configurations, decisions, integrations, and authorizations occur as necessary. The Release Captain is responsible for the release of increments to production and run the Release Readiness Reviews (RRR) and Release Planning Reviews (RPR) as well as develop and collect all release artifacts necessary for compliance. These roles are rotated between different people on the team every sprint or increment. This ensures that all team members understand the DevSecOps processes and builds autonomous self-managing teams.
5. Harness the power of Kanban
Once you have a highly skilled, autonomous, and cross-functional team who can self-manage, Agile development is best served through the use of Kanban Boards and planning. Scrum Masters are really there to help guide the team, not to command them. Epics and User Stories that become a part of the prioritized and planned backlog are left to the experience of the team to determine which elements of work are best performed in what order. Kanban provides the mechanism for teams to control those activities in the most efficient manner. But since not everything goes as planned, Agile techniques within a Kanban process (Daily Standups, Work in Progress, Velocity, etc.) allow for the identification of problems, constraints, and blocks and how to resolve those restrictions and limitations from the work performed. Basically, Kanban boards, when used appropriately, is the self-governing mechanism for self-managed teams.
In Part II of this series, we’ll discuss best practices in specific processes that lead to better business value. In the meantime, if you have questions about Octo’s Agile approach, reach out to our team.