
As we continue to shape our service offerings in line with our mission, values, principles and experiences, we’re reminded of a crucial aspect of any organisational journey:
The importance of building and maintaining a shared understanding
This shared understanding is not a one-time achievement but an ongoing process, essential for aligning on goals and driving meaningful solutions. Without this continuous alignment, even the best strategies can falter.
While it may be tempting to look for 'out of the box' solutions in a rapidly evolving technological landscape, the reality is more nuanced.
No “Out of the Box” Solutions
This image of the "digital Pandora's box" strikes again...

In the fast-paced world of technology, the allure of pre-packaged, “out of the box” solutions is strong. These solutions often promise quick fixes to complex problems, but the reality is that each organization and its challenges are unique. What works in one context may not work in another, simply because the people, processes, and technologies involved are different.
This is why we emphasize that there is no one-size-fits-all solution. Instead, we advocate for a collaborative approach where people and technology grow and adapt together and teams take ownership, self-govern and tailor their own operating frameworks, drawing from principles found in frameworks like Agile Development, DevSecOps, and the Westrum Model — all of which emphasize the importance of context, collaboration, and continuous evolution.
The Never-Ending Ping Pong Game
Business people and developers must work together daily throughout the project
Imagine this: You’re in the middle of a project, and the team is knee-deep in code, caffeine, and good intentions. Suddenly, the client drops a bombshell—turns out they don’t need a full-fledged rocket ship after all; they just want a bicycle. Cue the collective facepalm. But hey, this is Agile, so no sweat, right?
In an Agile world, this kind of scenario is just another day at the office. Agile is all about rolling with the punches—or in this case, cycling with the changes. The whole point is to keep the lines of communication open, so when someone suddenly swaps out your rocket for a bike, you’re ready to adapt.
The beauty of Agile lies in its iterative cycles and continuous feedback loops. Picture it as a never-ending game of ping pong—except instead of playing with paddles, you’re volleying ideas, requirements, and feedback back and forth between the team and stakeholders. The goal? To make sure everyone stays on the same page about what you’re building and why. Because let’s face it, nobody wants to end up with a Franken-product that doesn’t quite fit the bill.
In our hypothetical bike-rocket scenario, the team’s ability to adapt is rooted in their shared understanding of the project’s goals. The developers aren’t just blindly coding away; they’re in constant communication with the business folks, tweaking and adjusting as new information comes in. And the business folks? They’re making sure the team knows that, yes, the bike should have rocket-like speed, but it doesn’t actually need to leave the atmosphere.
This continuous check-in process is what makes Agile tick. It’s not about sticking to a rigid plan — it’s about keeping the plan flexible enough to adapt as you go. The more the team communicates and collaborates, the more they can ensure that what they’re building is exactly what’s needed, even if that changes halfway through.
Syntax Error: "DevSecOps" failure to compute
It's funny to me how many of us take for granted how human code is far more complex than computer code. A bug in human code can be catastrophic. In my experience as Head of DevOps, I found that the most significant challenges often stemmed from misunderstandings and differing interpretations—a reminder that even the most well-defined concepts can be perceived differently across teams. DevOps is so many things to so many people. To some, it's the beautiful marriage between development and operations teams. To others, it's how we deploy our software changes. To some, it's the team that automates stuff. And to others, it's just simply a pain in the arse.
Objectively, I understand DevOps to have emerged as a movement from a point in time where a lot of human thinking and technology was geared around overcoming the challenges born from development and operations teams having historically worked in silos. This was then taken to market by you-know-who as a suite of must-have tools, practices and capabilities, essential, it was claimed, for success in the new world. In stark contrast to the "Security First" principle that we know and love, Sec (Security) was later chucked in the middle, because, you know, security is important and all that. A recipe for certain confusion for most, and likely disaster for many.
If you were to ask me what the key to overcoming our disaster was, I'd tell you it was creating the space and the shared intention for the cross-functional teams of stakeholders to arrive at a shared definition and then matured understanding of what DevOps was to us as a whole.
We came up with 3-4 definitions that were centrally published and regularly revisited, along with an acknowledgement that DevSecOps is many things to many people. One of those definitions was:
DevSecOps is the union of development, operations and security teams, practices and tools with an emphasis on working collaboratively towards win-win outcomes, rather than throwing work over the fence and pointing fingers when things go wrong.
We agreed a vision:
As a human centred support system, we have the learning facilities, tools and confidence to become masters of our craft.
And then we agreed a set of strategic imperatives with associated outcomes, measures
This was presented to the board for sponsorship and then off we went; a set of cross-functional, multi-disciplinary professionals working in support of each other to achieve agreed business goals with a shared understanding of our language and a set of parameters that we defined ourselves.
Penny Pushing: The Westrum Model
One of my most trusted eye-openers for helping teams and individuals recognise the anti-patterns of a non-performance-oriented organisation is flinging the table below up on screen and remaining silent whilst the cogs turn and the pennies drop.
The Westrum Model categorizes organizational cultures based on how information flows within them, distinguishing between pathological, bureaucratic, and generative cultures. In generative cultures—those that are high-performing—information is actively shared, and collaboration is encouraged. This type of culture is essential for achieving a shared understanding and for aligning teams toward common goals.
A generative culture, as described by Westrum, is characterized by trust, openness, and a focus on mission rather than individual or departmental silos. This culture not only supports the principles of Agile and DevSecOps but also fosters the kind of environment where both people and technology can evolve together. By prioritizing information flow and collaboration, organizations can build high-trust, highly-collaborative, and highly-performant teams.
Breadcrumbs: Leading to a Fundamental Truth
When we examine Agile, DevSecOps, and the Westrum Model, we find that each framework leaves breadcrumbs pointing toward a fundamental truth: the critical importance of building and maintaining a shared understanding of our goals and challenges.
In Agile, the iterative cycles and continuous feedback loops aren’t just about refining products—they’re about ensuring that everyone involved remains aligned on what’s being built and why. The very nature of Agile emphasizes that understanding can shift over time, necessitating ongoing collaboration and adaptation to stay on course.
DevSecOps, too, underscores the need for a shared understanding. By integrating development, operations, and security, DevSecOps aims to break down silos and foster a collaborative environment. However, this collaboration can only be successful if all parties have a common understanding of their shared goals and the specific challenges they face. Without this, the integration becomes superficial, and the potential for conflict and misalignment increases.
The Westrum Model further reinforces this truth by categorizing organizational cultures based on how they handle information. In generative cultures, information flows freely, and teams work together toward a common mission. This free flow of information is crucial for maintaining a shared understanding, as it ensures that everyone is on the same page and can respond to changes in real time.
Each of these frameworks—Agile, DevSecOps, and the Westrum Model—offers insights that, when combined, lead us to a deeper realization: no matter how sophisticated our tools or processes, the foundation of any successful endeavor is a shared understanding of where we are and where we want to go. This understanding is not static; it must be nurtured and revisited continuously to ensure that it evolves alongside our goals and the challenges we encounter.
Invitation for Reflection
As we continue to explore these themes in our work, we invite you to reflect on how these principles might apply to your own organization. How do Agile, DevSecOps, and the Westrum Model resonate with your current practices? In what ways can you foster a culture of trust and collaboration that supports both human and technological evolution?
Here is a little teaser of images that we may use to provoke discussion during a talk we are preparing. Does anything sprint to mind when you see them now?