Agilistic

What I've learned while working with Scrum and Agile software development.

The Scrum Guide emphasizes that Scrum Teams should be self-organizing and cross-functional. Guides, frameworks and methodologies aside, this is very sensible advice if you want to allow a team to discover the best way to do their job and work around (or through) obstacles. But being a cross-functional team does not mean that everyone should be able to perform any task. Nor does it mean that there can be no specialized skills in a team, like design, development, testing, analysis or UX. These definitions share the assumption that teams are at their best when skills are (mostly) homogeneously distributed. This…

Welcome to my upgraded blog! I hope you like it, and that you find it more readable and friendlier for the eyes. I spent the past few weeks migrating content, files and images, so you should have little trouble reading older posts. The only part of my old blog that I couldn't migrate is the blog comments, which were too closely tied to the old platform (BlogEngine). If you run into any issues, feel free to contact me. Why the change? Although setting up a new blog gave me a great opportunity to play with new technology (Node.js and…

Most of the backlogs I work with are made up of user stories. Although they are in no way required for Scrum, they are a useful technique to describe functionality in a just-detailed-enough manner. But many seasoned analysts and architects cringe at the idea of having to write user stories. To them, it feels like a very sub-optimal and forced way to capture the richness of user requirements. And I completely get that it feels fishy to write user stories, only to have the Development Team come in and ask a ton of questions when they start working on it.…

This is my fourth post in a critical series on Evidence-Based Management (EBM). This series discusses a number of objections that I have against EBM, a quality movement that intends to improve managerial decision-making by urging managers to use the best available (scientific) evidence (Pfeffer & Sutton, 2006). In my first post, I introduced the series and summarized my objections. In my second post, I discussed the history of EBM and how Scrum.org applies it to software development. My previous post focused on the problematic definition of evidence that underlies EBM. In this post, I will…

Securing a website built on Microsoft’s MVC framework is not exceptionally hard. Out of the box, MVC offers a lot of protection against common OWASP attacks. If you combine MVC with Entity Framework - like most of us - you don’t have to worry about SQL injection attacks either. But getting your MVC app through a penetration test is a bigger challenge. This post summarizes what I’ve learned so far, and applies to both MVC and WebForms (although some recommendations are less or not applicable). What hackers are usually after: your…