Sten Vesterli's Blog

You Need an Agile End Result More Than an Agile Process

August 30, 2022IT Leadership, Technology That FitsPlanning, Quality, Regulations

An agile development process is not important. An agile end result is. If your organization realizes a benefit from an agile methodology, that only helps you during the relatively short development process. But if you build something that can easily be re-configured and changed, that benefits you for the year or decades that you are running the system.

You would think that a digital billboard would be agile. The whole point is that it can display whatever you want. But German advertisers and shops have just realized that their display screens have very narrow agility. A new law requires these energy-guzzling billboards to be switched off at night to save electricity. It turns out that all the devices were built on the assumption that they would always be on, and they do not take kindly to store employees simply yanking the power cord when they go home.

To achieve agility in your products and systems, you need to avoid hard-wiring your assumptions into them. The only thing you can safely assume is that everything will eventually have to be changed.

What do you incentivize?

August 25, 2022IT LeadershipIncentives, Leadership, Quality

You get what you reward. Twitter decided to primarily reward user growth, and things went downhill from there. Recently, their head of security quit. Then he filed a whistleblower complaint with the authorities, complaining that Twitter’s security is bad and not getting better. Now there is likely to be a very interesting congressional hearing.

White-hat hacker Peiter Zatko (aka “Mudge”) was hired after a 2020 security breach but could not implement the changes he felt were necessary to fight spam and automated bots. The reason is the incentive structure at Twitter.

You see, Twitter management bonuses are based on user growth. There is no bonus for reducing spam or automated bots. You get what you reward, with no exception. You can reward with money, perks, promotions, or other recognition, but you have to incentivize the behavior you want. If all your incentives are based on quantity and not quality, you will get ever-increasing quantity and ever-decreasing quality.

Do You Want Fancy, Cheap, or Usable?

August 19, 2022IT Leadership, Technology That FitsLeadership, Priorities, Quality, User Experience

Do you prefer fancy, cheap, or useful? Car manufacturers have found that touchscreens look fancy and are cheaper than physical buttons. That’s why modern cars have touchscreens and no buttons. I prefer buttons, and science is on my side. A survey shows that it is almost twice as fast to perform common car tasks with buttons than with a touchscreen.

Unfortunately, a car is not required to be easy to operate. Aircraft cockpits, on the other hand, are full of physical buttons. An aircraft manufacturer accepts the extra cost of physical controls to provide an optimal user experience for the pilot.

Marketing wants fancy. Finance wants cheap. User Experience wants usability. Who has the last word on product design in your organization?

Set Mandatory In-Office Days

August 17, 2022IT LeadershipLeadership, Work

It’s back-to-the-office time even in Cupertino. Apple has announce that starting Sept 5, employees are required to be in the office at least three days a week. Tuesday and Thursday are mandatory in-office days.

It is a good idea. The research is piling up that fully remote working has a negative impact on people who used to work in an office. The only organizations that work well fully remote are those that were born that way.

If you are in a leadership position, you should set mandatory in-office days. A minority will complain loudly, but the majority will quietly be thankful that you set clear rules. And despite the claims of the work-from-home zealots, it does improve communication, engagement, and the bottom line.

What is Your Time to Recover?

August 15, 2022August 21, 2022IT Leadership, Technology That FitsIT security, Leadership, Malware, Risk

It wouldn’t take you three to four weeks to rebuild a critical system, would it? But that’s how they do things in the National Health Service in the UK. Doctors and hospitals have been advised that the central patient record system is offline due to a ransomware attack and will not be back until sometime in September. In the meantime, doctors will have no access to their patients’ medical histories and will have to keep notes on paper or in Microsoft Word on their laptops.

As a national health monopoly, the NHS will not be going out of business. But a private company that lost its manufacturing, logistics, or service management system for a month would be finished.

You do everything you can to prevent bad things from happening. But have you also planned contingent action in case something terrible does happen? The NHS hadn’t.

When the Shortcut Becomes the Standard Way

August 12, 2022August 14, 2022IT Leadership, Technology That FitsOperations, Procedures

There must be a shortcut for every Standard Operating Procedure (SOP). You cannot allow the production database to be down for hours while you chase down everyone on the Change Advisory Board. The police cannot wait for a judge and the associated paperwork if somebody’s life is in danger.

The problems start if the shortcut is abused. Amazon is sharing video from your Ring doorbell with anyone who works for one of their 2,161 “partners” as long as they promise on their scout’s honor that it is really important. Google will similarly share the video feed from your Nest camera. They say they haven’t done so yet, but that’s only because law enforcement hasn’t noticed them yet.

I’ve been in organizations where half the work of IT operations was Emergency Changes. Do you track how much work is handled following SOP and how much your people use the shortcuts?

The Original Sin of Technology Projects

August 10, 2022August 14, 2022IT Leadership, Technology That FitsContractors, Engineering, Project Management, Requirements

Today is the 394th anniversary of the original sin of technology projects. The Swedish King sent out an RFP for a huge warship, and a private contractor was selected to build it. But on second thought, the King wanted the most powerful warship in the world. So he required another deck of cannons to be added. A conscientious engineer would have refused, telling the King that this would make the vessel too top-heavy. But just like a modern contractor, the private shipbuilders accepted the questionable change request and charged extra.

On its maiden voyage, the ship heeled over and sank just off the pier in front of thousands of spectators. Just like in modern IT disasters, a commission investigated, and in the end, nobody was punished.

In every failed technology project, dozens or hundreds of people know it will fail many months or even years before the failure becomes obvious. What are your processes to ensure that you are not building a modern version of the good ship Vasa?

(image by Jorge Lascar/Flickr used under CC BY 2.0)

Are you Depending on Luck or Skill?

August 9, 2022August 14, 2022IT Leadership, Technology That FitsLeadership, Security

If you can buy anything in 7-eleven today, count yourself lucky. Here in Denmark, the entire chain is shut down because hackers got into their Point-of-Sale terminals.

Through luck or skill, 7-eleven seems to have managed to limit the damage to Denmark. If they were lucky, each country simply runs its own network and are not interconnected. If they were skillful, they had segmented their network so the malware couldn’t spread. Remember that Maersk Lines had not sufficiently segmented their network, and were laid low when malware targeting Ukrainian companies spread from their Ukrainian subsidiary to their entire global operation.

Is your network appropriately segmented so one hacker cannot kill your entire operation?

Holding Your Ears is not an Effective Strategy

August 8, 2022August 14, 2022IT Leadership, Technology That FitsCommunication, Privacy, Strategy

Closing your eyes and holding your ears is considered an effective IT strategy. At least here in Denmark, where the Danish public schools have been ignoring European data privacy regulations. With much hand-wringing, they are now scrambling to replace their Google Chromebooks as the new school year starts.

The 2020 Schrems II judgment from the European Court of Justice said that because all data passed to American providers end up in the databases of the NSA, you are not allowed to store personal information with American cloud providers. Nevertheless, Danish schools kept using Google services. The Danish Data Protection Agency (DPA) has finally told them to stop.

The people at the coalface in your organization know where corners are being cut. But there are several layers of management between the people who know and the CIO and CTO who will be fired once the problem explodes. So if you are in an IT leadership position, how are you ensuring that you hear about questionable practices in your organization?

Could You Put Your Phone Down for 24 Hours?

August 6, 2022Spiritual ProgrammerDevices, Life

August 6th, 2022, is the 3rd Global Day of Unplugging. When you read this, think about if you can put your phone down and stay offline for 24 hours. Many people think they can, but few people have the willpower. Are you up to the challenge? #globaldayofunplugging