objectives. When combined with Agile and Lean practices, this approach can focus IT planning, reduce risk, eliminate waste, and provide a supportive environment for teams engaged in creating value. If you month, you can find the handout for Part 2 on the Agile4Defense GitHub page at: https://git.io/JeaO2 Risk The presence of uncertainty is the simple reason why Agile approaches work better than plan-driven business value by adopting an intelligent attitude toward risk. Risk is the chance of a negative impact resulting from uncertainty. We can reduce risk—often at a cost —but there is generally no way to eliminate

of custom-developing systems that preserve many of the advantages of buying off the shelf.  The risk of developing a system incrementally and altering it based on user feedback is often lower than that away by frameworks and design patterns. Incremental delivery and staged investments reduce cost and risk.  Custom code is almost not custom these days. A developer incorporates open source frameworks user-centric way and match the enterprise’s needs precisely. Risk is low, because the team is constantly adjusting.  Option 2: Compare that to the risk of buying a vendor’s product, where the investment is

information is evaluated and debated; more similar to R&D lab. f. REDEFINE FAILURE AND ENCOURAGE CALCULATED RISK-TAKING i. Leaders reinforce the culture through their actions ii. Roy Rappaport, Netflix – a single guidance as early as possible ii. Awareness and involvement provides better business context for risk-based decisions d. INTEGRATE SECURITY INTO DEFECT TRACKING AND POST-MORTEMS i. Track all open security the 10 exploits were over 10 years old. i. ENSURE SECURITY OF THE ENVIRONMENT i. Once a hardened, risk-reduced environment is put in place, it must be monitored to ensure it stays in known good states

substitute for the outdated project view in my vision for what IT leadership must become. Uncertainty and Risk: Third, underlying all of these changes – all of the problems with plan-drive approaches, all of confusion about how to deal with uncertainty and risk. What I call the “contractor-control paradigm” – is really about trying to make risk go away, when risk really the essence of what we do. Complex Adaptive practices, this approach can focus IT planning, reduce risk, eliminate waste, and provide a supportive environment for teams engaged in creating value. Risk: The presence of uncertainty is the simple reason

& practicing continuous integration & testing iv. Automating, enabling, and architecting for low-risk releases b. Integrating objectives of QA & Operations to improve outcomes 2. Ch. 9 – Create the and even higher job satisfaction and lower rates of burnout. 5. Ch. 12 Automate and Enable Low-Risk Releases a. Just like we reduce batch size and increase frequency of feedback during development control needs separate Operations groups have emerged ii. Widely accepted practice to “reduce the risk of production outages and fraud” iii. DevOps goal – shift reliance from separate groups to other

– forces a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access 3. System Process to Increase Quality of Our Current Work a. Goal – enable Development and Operations to reduce risk before production changes are made. Keep the reviews and approvals close to those whom are knowledgeable control failure – seems valid since we can imagine better control practices could have detected the risk earlier prevent the issue or could have taken steps to detect and recover faster 2. Accident due

have nothing to fear. Any Leader needs to be brave enough to allocate teams to do some calcuated risk- taking.” 8. Ch. 6 Understanding the Work in Our Value Stream, Making it Visible, and Expanding it