Tripwire has always considered its software development practice as Agile, but we didn’t formally adopt Scrum as our framework of choice until about four years ago. Since then, we have seen valuable results that affirm that we made the correct choice.
Using agile methodologies helped us become more data-driven and predictable in terms of how much value we can deliver in a given time-frame, which helped us become more efficient in release planning.
Optimizing for customer value has always been a Tripwire instinct. Scrum helped formalize and institutionalize that instinct. It gives us the shortest path to delivering the most customer value.
Scrum is a product development methodology where self organizing teams work together as a unit to deliver incremental product value. The scrum framework defines roles and processes and provides guidelines around them.
By delivering functionality in an iterative and incremental manner, we are able to change direction at every sprint boundary. We continuously maintain a prioritized product backlog that provides long term guidance and direction but at the same time we are able to accept new work and make tradeoffs based on customer value.
For longer initiatives, dividing the backlog into several potentially shippable increments that can be executed on by multiple teams and released accordingly, helps in release planning by making the horizons shorter and the estimates more dependable.
Having a well defined and consistent “Done Criteria” for individual backlog items helps teams deliver incremental value by dividing features into smaller pieces and delivering them in smaller chunks, one at a time with consistent quality. Dividing the release cycle into uniform time boxes provides a way for teams to focus and deliver predicable value in a repeatable fashion.
Having autonomous, empowered cross functional teams that can execute on different types of projects is key. Stable teams that know how to work with each other and trust each other are successful in consistently building high quality software that solve customer problems.
Frequent and sustained face to face communication is the norm. Also, Tripwire’s hiring process includes looking for cultural fit. We value people that want to work in a highly collaborative environment.
Another opportunity to deliver rapid customer value is to release software as content. This can take the form of delivering security policy content, vulnerability remediation guidance and reports out of band from product upgrades, which usually have to go through a more rigorous process for many of customers.
As the security landscape changes, and as visibility and awareness of security grows in the top echelons of organizations, Tripwire has an opportunity to solve our customers’ security problems by introducing solutions to the market that truly connect security to the business.
Our agile software development model puts us in a unique position to successfully deliver on this promise. It helps us get new solutions to the market quicker and also helps us pivot quickly based on customer feedback.
This feedback comes to us in various forms. Our Product Managers are constantly in touch with customers, soliciting their needs and wants and feeding those back into the product roadmap and backlogs. Our User Experience team validates these continuously during product development to ensure that we are building the right products for our customers.
We believe that our agility is key to delivering optimal customer value and we continue to keep looking for ways to do that better. Continuing on the path of using data driven release planning will allow us to be more predictable and consistent in our product development and delivery.
- Influencing Agile Team Productivity
- How Agile Software Development Produces Positive Outcomes
- So You Want SSDLC? Why Security Won’t Just Happen…
- So You Want to SSDLC: Overcoming Obstacles
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
* Show how security activities are enabling the business
* Balance security risk with business needs
* Continuously improve your extended enterprise security posture
Title image courtesy of ShutterStock