Yesterday, a new book came out:  ”The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.”  This book was written by Gene Kim, Kevin Behr, and George Spafford, who also wrote “The Visible Ops Handbook” (I was a contributing researcher on the Visible Ops work, and I shared an office with Gene for several years, so I know the author team very well).  I love this new book and want to tell you more about it.

Ppcover 3d

The Phoenix Project is a business novel that takes you through a few months in the life of Bill Palmer, an IT manager at a large auto parts manufacturing company. The book begins with Bill’s boss (head of IT Ops) and his boss’s boss (the CIO) getting fired. Bill gets a battlefield promotion and works directly with the CEO, who expects him to solve some serious IT problems (that threaten to destroy the business) in 90 days.

I loved this book because it builds on the same principles I’ve seen work time and time again in high-performing IT operations, but it also build on that foundation with a lot of new information and techniques. It also provides the framework for what I’ve been writing about here under the category, “Connecting Security to the Business.”  In other words, if you follow the guidance of this book, you’ll achieve clarity about the relationships between the infrastructure and applications you’re responsible for, and how they relate to the success of your business.  Great stuff.

“The Goal” for Information Technology

Don’t let the fact that this is a novel fool you – this is not fluff, and there is plenty of rich learning in this book. If you’ve ever read “The Goal,” by Dr. Eliyahu Goldratt, you’ll know that it was a business novel designed to make it easier to understand his “Theory of Constraints” (TOC) model and it succeeded in making a lot of very complex concepts approachable for business seeking to improve the performance of their manufacturing and supply chain operations.

The Phoenix Project is a lot like The Goal, in that it wraps a compelling story around such complex topics of DevOps, ITIL, Agile development processes, risk management, top-down risk-based audit scoping, and a lot more.

A captivating read, with realistic scenarios

As the story unfolds, you not only learn about these topics, you also see them in situations that you’ll recognize. I ran across quite a few scenarios that felt familiar both from my day job, as well as the work I do with enterprises and executives around the world. In other words, the situations in the book are very real business scenarios.

The characters remind me of people I know, as well. I had mental images of the characters as people I’ve worked with and you probably will, too. After all, the stereotypical IT security curmudgeon is not just a story – and you may be surprised what happens to the head of Information Security in this book.

I read this book on the plane the other day and found myself irritated when I had to shut down my e-reader for landing because I couldn’t wait to see what happened next! I can almost see this becoming a movie at some point (though the idea of an IT-oriented feature film is probably a bit of a stretch – maybe there could be a car chase or an alien invasion or something).

Learn to improve your business

As entertaining as this book is, there is a lot to be learned from it. In today’s business world, IT is involved in almost everything we do. One of the challenges faced by many IT professionals is that the non-technical parts of the business often don’t understand the linkages between IT activities and business success. The result is IT getting the short end of the stick and starving for resources.

IT contributes to these problems, as well, because they spend a lot of time on activities that aren’t “make or break” for the business so they have a hard time demonstrating value created with the budget they’ve been given.

The Phoenix Project hits this problem straight on and presents ways to get everyone on the same page about what’s really important to the business, provides tools for IT professionals to focus on delivering meaningful results for the business, and tying all of it directly to how the business makes money by satisfying customer needs.

A must-read for IT professionals and business people alike

The principles shared in this book are critical for any business that relies on IT for its livelihood. I recommend The Phoenix Project to every business person and IT professional that wants to increase their business performance.

If you want to see what the book is like before buying, check out this excerpt from The Phoenix Project.

Categories: Risk-Based Security for Executives, , , , Risk-Based Security for Executives, , , IT Security and Data Protection, , Regulatory Compliance,

Tags: , ,


Dwayne Melancon

Dwayne Melancon has contributed 131 posts to The State of Security.

View all posts by Dwayne Melancon >