Sunday, September 20, 2015

Graffitis of Buenos Aires Subway

#SridharPeddisetty, #Argentina, #BuenosAires, #BuenosAiresSubway #Graffiti, #Travel, #TravelPhotography, #PlacesToVisit, #PointsofInterest

Below are the pictures of various graffitis seen in Buenos Aires Subway

For more travel pictures visit my Instagram page 

Wednesday, September 16, 2015

Strategizing On Shifting Left Security In The SDLC

#SridharPeddisetty #InformationSecurity #Security #Strategy #Social #Mobile #Analytics #Cloud #IoT #SMAC
“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier


Most of the Organizations still continue to have a reactive approach towards information security. In my earlier blog post 7 Reasons No Company Can Afford To Ignore Security, I had shared why Organization’s can no longer afford to ignore security and in 6 Steps Strategizing Security In An Organization shared on how to strategize security in 6 steps. Its important for organizations to have a proactive security strategy and have a shift left practice in software development lifecycle (SDLC) to focus on security right from the initiation state of a project. Integrating security in the SDLC helps in the accountability and increased communication with all stakeholders involved in the process to ensure the project is incorporating security policies while following the security guidelines

Why shift left security in the SDLC?

In the traditional SDLCsecurity strategy is always reactive in which the security testing is done at the end of development phase. If any security issues are found then, it becomes expensive to resolve and more often than not, due to time or financial constraints, quick patches are done or short term mitigations are put in place before releasing the software into production. More often than not, short term mitigations or patches result in costly expenses for maintaining security as the cost of operations are high. According to the study done by Cigital, cost of finding issues early during SDLC development phase results in upwards of 1165% savings when compared to finding issues during maintenance phase of SDLC.  

Strategizing on shifting left security in the SDLC 

Below is how we can strategize security by shifting it left in the SDLC. Incorporating security in each phase of SDLC helps an organization be more proactive in implementing a highly secured software. Moreover, overall costs are reduced as the security issues are found early in the development lifecycle. Security governance model established in the initiation phase helps define the security gates, policies, roles & responsibilities, timing of review, sign off process, etc. in each phase which governs security throughout the SDLC. Note that the Security Trainingis a continuous process throughout the SDLC so that the teams are constantly aware of security policies, protocols, tools, etc.


By shifting security left in the Software Development Lifecycle (SDLC), it helps in building more secured software and addresses the security compliance requirements while reducing overall cost. 
I will be sharing more inputs on Information Security including how to align Secured Software Development Lifecycle (SDLC) using Agile or Waterfall methodology and how security can be trained, initiated, planned, analyzed, designed, implemented and maintained. Meanwhile let us know if you have any questions or comments. For any questions, please reach out to me at
Strategizing On Shifting Left Security In The SDLC was originally posted under Prokarma Blog 

Tuesday, September 15, 2015

6 Steps Strategizing Security In An Organization

#SridharPeddisetty #InformationSecurity #Security #Social #Mobile #Analytics #Cloud #IoT #SMAC

"Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." — Gene Spafford (in e-mail to organizers of a workshop on insider misuse)


For any organization, security is the collection of technologies, standards, policies, regulations and management practices that are applied to systems and respective data points to keep them secured. In my earlier blog post 7 Reasons No Company Can Afford To Ignore Security, I shared why organizations can no longer afford to ignore security. It's important for organizations to have a proactive security strategy in place for reasons inclusive of:
  • Present business operations of an organization increasingly vulnerable to risk,
  • Security threats from mobile & web interactions with corporate systems,
  • Ever-expanding regulations, and
  • International access points requiring organizations to be complaint with regulations and law of the land

  6 Steps Strategizing Security In The Organization

I will be sharing more inputs on Information Security including how to align Secured Software Development Lifecycle (SDLC) using Agile or Waterfall methodology and how security can be trained, initiated, planned, analyzed, designed, implemented and maintained. Meanwhile let us know if you have any questions or comments. For any questions, please reach out to me at

Saturday, September 12, 2015

Where Scrum Falls Short, Scrumban Comes To Rescue

#SridharPeddisetty #Agile #Scrum #Kanban #Scrumban #ScrumFails #ScrumDoesNotWork #ScrumPrinicples #ScrumbanPrinciples 

What is Scrum?

Scrum is an iterative and incremental lightweight Agile based software development methodology, which is based on following core principles:

What is Scrumban?

Scrumban combines the core principles of Kanban with some of the core principles of Scrum. In my earlier post Kanban & DevOps - Forming a Perfect Alliance, I had shared the basics of Kanban, which includes:

  • Visualize Work In Progress (WIP)
  • Limit the WIP
  • Maximize Productivity (by minimizing lead time)
Essentially in Scrumban we employ Kanban's ‘pull’ approach rather than Scrum’s ‘push’ approach while using theScrum principles with some modifications. So core principles of Scrumban translates to  
  • Sprint – In a Sprint instead of limiting it as time–boxed, team ‘pulls’ prioritized ‘just in time’ (JIT) work items in the Sprint based on team's bandwidth. In other words, Sprint is ‘limiting the WIP’ instead of time-boxing the Sprint
  • Sprint Planning - In the Sprint Planning, team plans for JIT work items. Since Sprint is not time-boxed, team does not necessarily spend time on doing estimations but rather focus on understanding the work item goals, dependencies and how to do the work
  • Daily Scrum – Team continues with Daily Scrums answering basic 3 questions  
                 o    What did they do since last Daily Scrum? 
                 o    What is the plan to do till next Daily Scrum? 
                 o    What are current impediments (if any)? 
  • Visualizing Work In Progress (WIP) - Team uses board to visualize JIT work items including the respective state of the work items and swim-lanes they belong to 
  • Sprint Review – Team uses Sprint Review for showing demo of work items to the concerned stakeholders & 
  • Sprint Retrospection – Team uses Sprint Retrospection for doing retrospection, providing an opportunity for continuous improvement. Ceremony can be used for identifying bottlenecks and opportunity for optimizing the work flows. In my earlier post 'Metrics For Maximizing Productivity In Kanban SDLC’, I had shared on how to maximize productivity in Kanban SDLC

Where Scrum Falls Short?

Scrum falls short when team spends too much time upfront in doing Sprint Planning and in the middle of the Sprint, there is a priority change for one or more User Stories. In some situations, an entire Sprint could be cancelled by the Product Owner or the Management for various reasons including budget constraints, change in priorities or the work items in Sprint are allocated to another project team. All this not only impacts team’s productivity but also at times the morale of the team. Another concern commonly heard in Scrum Retrospections is that the velocity is not helping do accurate estimations or the Sprint backlog is not achieving desired forecasting. Lastly, in my experience I have seen some teams following Scrum fixated on following the “process" rather than focusing on delivering value.    

How Scrumban Come To The Rescue?

Since Scrumban is based on the lean principle of focusing JIT work items, team remains committed to the WIPScrumban provides the flexibility of prioritizing and reprioritizing work items and since team is not doing any heavy lifting of upfront planning, they remain focused on delivering value faster. Scrumban also provides the flexibility to the team for switching gears to work on expedite work items which is not possible in Scrum especially when in the middle of a Sprint without causing some serious feathers to ruffle. Lastly, since Scrumban is based on Lean values, it focuses less on following the ‘how of the process’ and focuses more on delivering the value through continuous improvement. 


In summary, Scrumban is a lightweight SDLC process that combines Scrum to be more Lean & Flow oriented. In Scrumban, team achieves optimized productivity by remaining focused on JIT work items and faster cycle times. Team gets better at spending less time in doing deep dive up front estimations and instead uses more cycle-time based forecasting, which provides team with more time in actually delivering quality work item.
I will be sharing case studies, process improvements and best practices specific for Scrumban in my future posts. Meanwhile let us know if you have any questions or comments. For any questions, please reach out to me at 

Wednesday, September 9, 2015

7 Reasons No Company Can Afford To Ignore Security

#SridharPeddisetty #InformationSecurity #Security #Social #Mobile #Analytics #Cloud #IoT #SMAC
"It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public." — Clay Shirky
Today, technology is becoming core for any business and companies that are becoming more dependent on their information systems, with threats to public and personal data increasingly more real. To have an edge over their competition and with companies investing heavily on SMAC (Social, Mobile, Analytics & Cloud) and Internet of Things (IoT), they are exposing their business to new forms of information security risks. More often than not, companies have a very reactive approach to security in which there is minimal security strategy in place if none at all.
The following 7 reasons are important to understand and know that no company can afford to ignore security in today’s changing landscape of disruptive innovation with technologies and processes.
#1. Financial losses: Security breaches can lead to business interruptions, which directly impacts the financials of a company. An attack that leads to downtime for a data center can cost businesses nearly $8,000 per minute. Considering that the average downtime for each incident is almost 1.5 hours, companies stand to lose almost $700,000 due to downtime.
#2. Intellectual property theft: Even though companies are becoming better at protecting themselves from an outside threat, the view is that theft of intellectual property more often happens intentionally or inadvertently by the existing employees. Social media is the biggest medium through which free-flowing data leakage could happen. Phishing scams, whereby attackers try to elicit information from individuals, pose a significant threat as well.
#3. Damage to the reputation: In today’s world, reputation risk ranks among companies’ top strategic risks, and security is one of the primary drivers of reputation risk. According to The Reputational Impact of IT Risk

  • 46% of organisations suffered damage to their brand reputation and value, as a result of a security breach and
  • 19% of organisations suffered damage to their brand reputation and value, as a result of a third-party security breach.

#4. Fraud: General perception is that fraud happens mainly in banking and online retail shopping but the fact remains that all companies are vulnerable to fraud. Almost all companies use systems for online transactions, which are always vulnerable for attacks where hackers do major fraud. Unfortunately, today there is less protection for recovery of stolen funds under the law for businesses than for consumers, which makes companies more prone. 
#5. Extortion: Number of extortion cases are on the rise with extortionist groups threatening companies that their web sites would face a distributed denial-of-service (DDoS) attack if they do not pay ransom. Recent Ashley Madison data breach is an example of how a company can be extorted and the irreversible damage it could cause to the company and its stakeholders. 
#6. Loss of shareholder value: Highly publicized data breaches at Sony PicturesAnthem InsuranceAshley Madison and other major businesses continue to put loss of shareholder value at high risk. Ashley Madison CEO quit after the data breach, which caused a major loss of shareholder value. 
#7. Legal Implications through lawsuits: In recent times, companies have experienced possible damages due to lawsuits from security breaches and the overall loss of customers. The average cost for a legal defense stands at half a million dollars, while the average cost of a settlement reaches seven figures at one million dollars. Again Ashley Madison is a good example of the legal implications affecting the company. 
Let us not look back in anger or forward in fear, but around in awareness— James Thurber
I will be sharing more information on Security including how to strategize and plan for Security, Risk and Compliance. Also sharing how to align Secured Software Development Lifecycle (SDLC) using Agile or Waterfall methodology and how security can be trained, initiated, planned, analyzed, designed, implemented and maintained. Meanwhile let me know if you have any questions or comments. For any questions, please reach out to me at 
7 Reasons No Company Can Afford To Ignore Security was originally posted under Prokarma Blog on Sep 8th 2015

Tuesday, September 8, 2015

Metrics For Maximizing Productivity In Kanban SDLC

#SridharPeddisetty #Agile #Kanban #SDLC #Productivity #BestPractices #Metrics #EngagementManagement

“Measure what is measurable and make measurable what is not so” –Galileo

In my earlier post Kanban & DevOps - Forming a Perfect Alliance, I had shared the basics of Kanban. In this post, we will look at the metrics for identifying bottlenecks while using Kanban as the software development lifecycle (SDLC) methodology. With experience and motivation to improve quality comes working out the right metrics, which measures areas of continuous improvements. In my earlier post 10 Ground Rules on the Right Metrics for Your Business, I had shared some rules on selecting the right metrics that is tied to the desired business outcomes. As summarized in the blog post, data collection, analysis & management is most often cost and labour intensive, so its important to always weigh in against the benefit derived from the selected metric.

One important principle of Kanban is to maximize productivity by optimizing the flow of work and managing work in progress (WIP) by removing bottlenecks. Before selecting the metrics, we need to assess what metrics is needed and then plan on using the processes and tools, which will provide the data for quantification in a shape and form that will allow us to measure. Presently Organizations are competing to provide faster value to their customers, which is effectively done by sizing and decomposing the requirements into minimal marketable features (MMF).

In Kanban, we can have have the Kanban board visualizing the WIP for states and swim-lanes. States could represent the following phases a user story (feature) or defect goes through the development lifecycle
  • Product Backlog (Requirements)
  • Defined (Analyzed) 
  • In Progress (Development & Testing)
  • Completed
  • Accepted  
while the swim-lanes could represent WIP for 
  • Expedite (Priority) user stories or
  • Defects (Severity 1/2) or
  • Different functional groups such as
    • Architecture,
    • UI/UX Designers,
    • Business Analysts / System Analysts, 
    • Development 
    • Operations
    • DevOps
    • QA
    • Technical Writers
    • others  
In some cases, Kanban board can represent one swim-lane for both expedite and non-expedite user stories or defects while just visualizing states.

Below is a sample ‘Cumulative Mean Lag Time’ metrics, which is measuring the time spent by a user story (USxxxx) or Defect (DExxx) both expedite or non-expedite in each of the following state
  • Requested,
  • Defined,
  • In Progress,
  • Peer Review,
  • In QA, 
  • In UAT and
  • On Hold

From the metrics we can derive following information including identifying bottlenecks and areas of continuous improvement
  • Expedite user stories (US7000 & US7674) are obviously prioritized by the team as the time spent in each state was short comparatively, thus faster overall cycle time. Information can be derived from the chart if the expedite items are distracting the team in effecting their WIP items by looking at the mean lag time an item is spending in each of ‘Defined’ or ‘In Progress’ or ‘On Hold’ states.  
  • User story ‘US7626’ (second chart) was analyzed, developed, peer reviewed and tested in a short span (~2 calendar days) but spent ~9 calendar days in user acceptance test (UAT) state. One reason for this could be that the user story was not in the priority list for the stakeholders to be released or the priority lowered after the work started. As an opportunity for continuous improvement, we can look at the option where there is an opportunity to reprioritize the user story before the team starts the work.  
  • User story ‘US7322’ (first chart) spent a lot of time (~25 calendar days) in ‘Requested’ state and then some time in ‘On Hold’ state (~12 calendar days).  As an opportunity for continuous improvement, we can work with stakeholders to make sure that we are getting the right requirements and acceptance criteria for the user story along with prioritization. The total cycle time for this user story could be also more because of the complexity and/or dependencies on the other integration deliverables. In either case, metrics shows the bottlenecks and provides an opportunity to optimize work flow for future such occurrences. 
  • Above metrics also gives the overall cycle time for different sized user stories and defects, which helps in predicting for future work and ability to give a better commitment for the stakeholders 

User Story is like a fish, the longer its sits on the shelf, the less desirable it becomes. Use relevant metrics to measure lead time in each of the Kanban columns (states), which helps to identify the bottlenecks and to improve planning and forecasting. 

I will be sharing case studies, process improvements and best practices specific for Kanban in my future posts. Meanwhile let us know if you have any questions or comments. For any questions, please reach out to me at 

Metrics For Maximizing Productivity In Kanban SDLC was originally posted under Prokarma Blog on Sep 8th 2015

Sunday, September 6, 2015

7 Tips Having Good Times In A Client Relationship

#SridharPeddisetty #Leadership #Management #ClientManagement #ClientRelationship #EngagementManagement

When you come back from a family vacation, normally you remember all the good times you had including the moments that made you laugh, moments that made you relaxed, moments that made you feel proud, moments that made you feel blessed and moments that made you feel loved. If you have taken a road trip, you do not remember the number of times you applied the brakes or the mechanics of driving unless you met with an accident or had a near miss. Using the same metaphor, in a client relationship its not about the mechanics of delivering services to the client that is memorable but the feel good factors along the way, which the client experienced that remain memorable. It goes without saying that like the accident metaphor, if a service fails to deliver the value, it does stay in the memory with likely negative consequences.
Here are 7 tips for helping experience the good times in a client relationship while converting them into everlasting memories & forging long term relationships. 
#1. Build strategy around client satisfaction: A satisfied client is the best business strategy of all so build your strategy in delivering quality services to the client and define standards in terms of people, process and tools. Client appreciates processes which are standardized, routinized, predictable. Having variances in delivering services most often than not makes it complex while standardizing always makes job a bit less complex with predictable quality. 
#2. Be passionate about client service: Its important to understand how your services relate to the client and how the services solve client’s business problems. Always think about client’s business as if its your own and be passionate about it.  Working out the issues with this frame of mind, we ensure complete honesty while balancing in client’s favor and not merely always on our own wins. Its not the short term wins but the long term client gains, which fosters lasting client relationships. 
#3. Build the trust factor: The toughest thing about the power of trust is that its difficult to build and very easy to destroy. The essence of trust building is to emphasize the similarities between you and the client. Always keep in mind that courteous treatment will make a client a walking advertisement and will not only help you win return client business but also new hunting grounds with client referrals. Be honest with your client and realistic in the services you provide. 
#4. See opportunity when client complains: Statistics suggest that when customers complain, business owners and managers ought to get excited as it represents a huge opportunity for more business, provided you handle it appropriately. We all understand that there would be times when client would complain and instead of being negative or defensive, use the opportunity to be an active listener and empathize with client. Earlier I had  shared a post on similar lines Why Active Listening is Key for Successful Delivery of Agile Based Projects
#5. Be Proactive rather than reactive: It is so much easier to be nice, to be respectful, to put yourself in your customers' shoes and try to understand how you might help them before they ask for help, than it is to try to mend a broken customer relationship. “You don’t drown by falling in the water; you drown by staying there”, so instead of being reactive, walk a mile wearing client’s shoe and be proactive. Devise a robust communication and stakeholder plan to manage being proactive and have a vision for client partnership. 
#6. Strive to be the best for client: Akio Toyoda famously said "Everyone says Toyota is the best company in the world, but the customer doesn't care about the world. They care if we are the best in town, or not. That's what I want to be.” Same thing applies when it does not necessarily matter to the client whether you are a top consultancy services company in the world or having more skilled resources but what matters most to the client is that you are best for them and partnering closely to achieve their strategic business goals.  
#7. Understand client expectations: Do not deliver services based on what client wants but deliver services based on what client needs. Its known fact that no customer ever asked for the electric light, the pneumatic tire or the iPhone. To understand client needs, its important to connect with them personally at all levels. Foster relationships through face to face meetings,  small talks and regular check-ins to always map delivering services aligned with the needs of the client. 
“Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives" 
Previous posts you might be interested in