DevOps In 5 letters: Should We Say CALMS or CALMR?


When someone asks me to explain what DevOps is about, I usually do this using the different letters of the acronym CALMS.

Culture

Culture is the foundation of DevOps. If you omit culture, you're only showing some symptoms of DevOps (just as using a whiteboard, working in timeboxes and doing daily standup meetings won't make you an Agile team).

Culture is about the people, about self-organized teams, about T-shaped profiles, about tearing down the wall between Development and Operations. A DevOps team takes end-to-end responsibility for an application or system: "you build it, you run it".

If your organization has always been working in a command-and-control style, then the first thing to do is to instill a culture of team empowerment. And don’t underestimate this: this will probably take years to change.

Automation
This is where a lot of the focus goes, and it can be considered the easiest to obtain. The heart of DevOps is the CI/CD pipeline: the continuous flow process that is triggered upon check-in of new versions of code. Continuous integration was already known in eXtreme Programming. In a DevOps context, continuous delivery/deployment makes the story complete. To make your CI/CD pipeline work at its full capacity, you have to consider everything as code:

  • Your source code of course
  • Your automated tests - unit tests, integration tests and so on
  • Your configuration
      • Including your infrastructure configuration
  • Your database changes
  • Your documentation

But automation is also about closing the feedback loop: getting observations and metrics from the running system fed back into your team’s product backlog.

Lean principles

DevOps is not about moving big chunks of changes to production, but instead about moving to a constant flow of small changes that are easier to control. Flow, as in Kanban: limited work in progress, small batches. And moving to production does not automatically mean "going live". If there is a dependency on other code that is not yet ready, you can still disable your code via feature toggling until everything is ready to be activated.

Measuring

This is crucial to improving: define metrics on your process. How well are things going in your organisation? Where is room for improvement? And then apply the typical Plan-Do-Check-Act/Adjust approach to gradually improve your way of working.

Sharing

DevOps teams take full responsibility over their system. But this does not mean that they have to reinvent the wheel over and over again. They learn from their peers.

Common sense

There are plenty of resources on the internet - blogs, pictures, slide decks and videos - that explain DevOps using this CALMS acronym. So by now, this acronym has become common sense for anyone who searched for some kind of definition of DevOps. Or hasn't it…?

DevOps according to SAFe®, in 5 slightly different letters

Recently I had a discussion with a colleague who is a certified SAFe® Program Consultant and trainer. According to this colleague, SAFe® doesn’t talk about CALMS but about CALMR instead. She wanted to be sure we tell the same story and don’t confuse the people we train and coach. I am not going to give a full explanation of SAFe's definition of DevOps; you can read it yourself on the SAFe® site (more specifically on this page: www.scaledagileframework.com/devops).

But I will briefly explain what the acronym CALMR stands for according to SAFe®:

  • Culture of sharing responsibility
  • Automation of continuous delivery pipeline
  • Lean flow accelerates delivery
  • Measurement of everything
  • Recovery enables low-risk releases

This discussion made me wonder: if a large part of the world talks about CALMS to define the principles of DevOps, then why does SAFe® talk about CALMR and what is the difference? And why do they call it "SAFe® DevOps"? So I did some investigation and this is what I found.

What's the difference?

In all honesty, whether you speak about CALMS or CALMR, in the end, both are equal, or better, equivalent. Let me explain why.

In the CALMS acronym, the S stands for sharing. Sharing of knowledge, of experiences. Call it communities, or chapters and guilds if you are more into the way Spotify works.

I deliberately don't call it "the Spotify model" because there is no Spotify Model (says Marcin Floryan, a Spotify chapter lead in this presentation: https://www.infoq.com/presentations/spotify-culture-stc).

But that’s an entirely different story.

Sharing in CALMR

In "SAFe® DevOps", sharing is a part of the Culture. People work in teams. But teams together form a release train. So, these teams will not only need to align planning-wise, they also inspect and adapt during the IP sprint. And they learn continuously. OK, fair point. But sharing clearly is there in both definitions.

Recovery in CALMS

So, what about the recovery aspect of SAFe® DevOps? Is it a part of the CALMS acronym too? In my opinion, yes, of course, divided over other aspects. The first thing that the SAFe® site says about Recovery is "Stop the line mentality".

Now, that is a Lean principle. Mary Poppendieck (Lean Software Development) mentions this in her presentations: "The greatest productivity comes from not tolerating defects. Create ways to detect defects the moment they occur" (see slide deck https://accu.org/content/conf2007/Poppendieck-Stop_the_Line_Quality.pdf).

The other parts, "Plan for and rehearse failure" and "Build the environment and capability to fix forward and roll back", are typically automation aspects. "Plan for and rehearse failure" talks about the chaos monkey.

The Simian Army is a bunch of tools and concepts that will create chaos in your ecosystem: kill processes, slow down processing and so on. Chaos engineering is really great, but most likely not the first thing you will implement (even though it is a very good enabler for resilience). More information on the Simian Army can be found on the Netflix blog (https://medium.com/netflix-techblog/the-netflix-simian-army-16e57fbab116).

Fix forward or roll back: these are the capabilities of your CI/CD pipeline, the heart of your automation efforts in DevOps. Your continuous deployment should allow you to roll back changes. Or do canary releases: for certain changes you don't go all the way at once, but deploy on a very limited set of servers/containers as a try-out and roll back if "the canary dies".
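
The canary release described above, sketched as an added example (not code from the original post): a gate compares the canary servers with the servers still running the old version and decides to promote, wait or roll back. The thresholds, the `Window`, `judge` and `rollout` names and all traffic numbers are assumptions constructed for illustration.

```python
"""Canary gate: widen a release stage by stage, roll back if the canary dies."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple

PROMOTE, HOLD, ROLLBACK = "promote", "hold", "rollback"


@dataclass(frozen=True)
class Window:
    """Requests and errors seen by one server group in one observation window."""
    requests: int
    errors: int

    @property
    def error_rate(self) -> float:
        return self.errors / self.requests if self.requests else 0.0


def judge(baseline: Window, canary: Window, *, min_requests: int = 200,
          hard_limit: float = 0.05, max_ratio: float = 2.0,
          noise_floor: float = 0.001) -> str:
    """Compare the canary with the old version (all thresholds are assumed)."""
    # A canary that got almost no traffic shows zero errors and looks healthy.
    # That is absence of evidence, so wait instead of promoting.
    if canary.requests < min_requests:
        return HOLD
    # Absolute ceiling: roll back no matter how the old version behaves.
    if canary.error_rate > hard_limit:
        return ROLLBACK
    # Relative check: the new version must not be much worse than the old one.
    # noise_floor keeps a near-zero baseline from making every error fatal.
    allowed = max(baseline.error_rate, noise_floor) * max_ratio
    return ROLLBACK if canary.error_rate > allowed else PROMOTE


Observe = Callable[[int], Tuple[Window, Window]]


def rollout(stages: Sequence[int], observe: Observe,
            max_holds: int = 2) -> Tuple[int, List[str]]:
    """Walk through canary traffic percentages; return (final_percent, log)."""
    log: List[str] = []
    for pct in stages:
        holds = 0
        while True:
            baseline, canary = observe(pct)
            verdict = judge(baseline, canary)
            log.append(f"{pct}%: {verdict} (canary {canary.errors}/"
                       f"{canary.requests}, baseline {baseline.errors}/"
                       f"{baseline.requests})")
            if verdict == PROMOTE:
                break
            if verdict == HOLD and holds < max_holds:
                holds += 1
                continue
            # Either the canary died or it never produced enough evidence:
            # fail safe and return all traffic to the previous version.
            log.append("rolled back to previous version")
            return 0, log
    log.append("released to 100%")
    return 100, log


def replay(samples: Dict[int, List[Tuple[Window, Window]]]) -> Observe:
    """Turn constructed per-stage observations into an observe() callback."""
    queues = {pct: list(windows) for pct, windows in samples.items()}

    def observe(pct: int) -> Tuple[Window, Window]:
        queue = queues[pct]
        # Consume observations in order; keep repeating the last one.
        return queue.pop(0) if len(queue) > 1 else queue[0]

    return observe


# Constructed observations: (baseline window, canary window) per stage.
GOOD_5 = (Window(9500, 19), Window(500, 1))
GOOD_25 = (Window(7500, 15), Window(2500, 6))
QUIET = (Window(9500, 19), Window(40, 0))
SCENARIOS = {
    "healthy": {5: [GOOD_5], 25: [GOOD_25]},
    "canary dies": {5: [(Window(9500, 19), Window(500, 12))], 25: [GOOD_25]},
    "slow start": {5: [QUIET, GOOD_5], 25: [GOOD_25]},
    "no traffic": {5: [QUIET], 25: [GOOD_25]},
}

if __name__ == "__main__":
    for name, samples in SCENARIOS.items():
        final, log = rollout([5, 25], replay(samples))
        print(f"{name}: ends at {final}%")
        for line in log:
            print("   ", line)
```
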

Conclusion

I could not find any explanation on the internet why SAFe® talks about SAFe® DevOps. The only thing I can think of is that they want to stress how DevOps culture, principles and practices seamlessly integrate with SAFe®. Similarly, SAFe® talks about SAFe® ScrumXP, where the good practices of Scrum and eXtreme Programming help to deliver good quality software every iteration and every program increment, not only on team level, but integrated with the other teams of the Agile Release Train.

As far as the difference between CALMS and CALMR is concerned: they both cover the same ideas. In my humble opinion, the difference between CALMS and CALMR could be a matter of focus: maybe the initial focus of CALMS was to stress the importance of sharing knowledge, whereas CALMR puts more stress on the need to be able to roll back a failing change.

Bottom line: CALMS and CALMR may not be entirely equal, but they are definitely equivalent.

Anyway:
Koen

Koen Vastmans

Blog Author

I am an IT professional working in a major Belgian bank for over 26 years. I have been into software development for several years, mostly in Java, from COTS software integration over web applications to digital signing. The past 6 years I was an agile coach and trainer. I recently joined a team of cloud native development, to focus on DevOps processes and organisation.

My passion for agile and DevOps is my main driver to share my ideas about these topics.

Join the Discussion

Your email address will not be published. Required fields are marked *

SPECIAL OFFER Upto 20% off on all courses
Enrol Now

Trending blog posts

Suggested Blogs

Top 10 Trending Courses in Information Technology for IT Aspirants

The best part to jump to the bandwagon of information technology or IT is, there is an enormous possibility for an individual if he or she starts studying a diploma or a degree, does either a master degree or a research course. He or she can get full-fledged engineering degree. We have listed down here in order of priority, top to down for a beginners to advanced level technical course that an IT aspirant look for. Java or J2E and Its Frameworks Java or J2EE is one of the most trusted, powerful and widely used technology by almost all the medium and big organizations around domains, like banking and insurance, life science, telecom, financial services, retail and much, much more. You have many things to learn in Java or J2EE, like the core part – J2SE, JSP, STRUTS, SPRING and/or HIBERNATE. This is one of the best and most advanced sophisticated applications. If you want to learn Java, you need to start from the ab initio to the advanced level step-by-step. There are many different frameworks as well as supporting technologies to learn for Java aspirants but the given things are must learn and highly demanding in current software market. CISCO Technologies Whether you are fascinated about learning network and switching technologies, then CISCO technologies would be your choice. You can learn CCNA, CCNP and more from CISCO academy. These types of certificates are global certifications. You will get global prospects after completing and learning these types of courses. If you are not coming from engineering backgrounds, then also you can learn CCNA or CCNP, or both. Then you need to take some ad hoc classes for non-engineering students. The great number of fresher and experienced candidate, these days, are pursuing networking courses, if you are one of them, then CISCO technologies can be your choice. A majority of CISCO institutes want degree – graduation in any discipline. SAS – Statistical Analysis System SAS is a popular course. 
This can be your career as SAS consultant that many medium and large organizations looking for fresher and experienced SAS qualified candidates. This is nothing but a data analytics course that can give you global exposure. The demand for SAS – data analytics is growing day-by-day and the business intelligence domain has emerged one of the most trusted and lucrative option for science graduate. These days, SAS is a’ la mode for fresher and experienced science graduate. It is an integrated system of software products that help to perform critical data-entry, data-retrieval, data-management, data-mining, report writing and graphics. DBA – MySQL – SQL Server In this highly competitive as well as dynamic Software/IT industry, there is one course the one course, which is very popular and can give you stable career is, DBA. This is a course or an ad hoc for students who are interested in learning MySQL and SQL server and like to create, manage as well as maintain the huge data files and other database flavors available in the market. DBA can be your best bet for career-oriented course, when you will be conversant with database with other supporting technologies; you can easily and quickly learn MySQL and DB2 in a much shorter period. The demand for DBA courses are increasing day-by-day and the demand shows the popular it is and the effective career you get after completing these technologies. Microsoft Technologies Microsoft technologies are high in popularity these days. You can be a database developer or a MS technology developer after passing one or multiple certifications, like MCSE, MCAD, MCSD, MCDST, MCDBA, MCAS and others. For enterprise and application development MCITP is one of the best for beginners and advanced level developers. Albeit, this type of certification is not at all a programming certification, but a system maintenance kind of, but have good future prospect. 
Cloud Computing Today’s biggest buzz in all small, medium and large IT town is all about cloud computing. You must use Google, Amazon etc. some of the big gun of cloud technology. If you are thinking of pursuing a course that can set your future-career in cloud computing, then IaaS, PaaS, SaaS, DaaS etc. would be learnt alpha and omega of cloud computing.
2827
Top 10 Trending Courses in Information Technology ...

The best part to jump to the bandwagon of informat... Read More

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. 
The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. 
This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. 
For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, services (ports) running on them and with some intense scans, the OS running on the active hosts and even the vulnerabilities present! Kali Linux is a distribution of Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, wireshark, ncap, metasploit, etc. are pre-loaded in Kali Linux. Now based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE. Commonly used tools/techniques for scanning: Apart from NMAP, the below tools are used to perform vulnerability scanning: Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allows you to make sure all vulnerabilities and misconfigurations are identified. Acunetix: Acunetix is known for its features and capabilities for web application scanning. 3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email. 
Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and using msfvenom (or any similar tool) you can attach this exploit to an innocent looking pdf or excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained the access of a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices! Commonly used tools/techniques for gaining access: Kali Linux: A fully loaded operating system with all the tools starting from wireshark to Metasploit to burp suite, it contains everything! Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from Bank and asking card details and OTP. 4. Maintaining Access – Once Mr. X has gained access; he would probably like to secure that access or create another one to ensure that he has a persistent access to that machine. This could be done by using Trojans, Rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS) wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop. 5. 
Covering Tracks – Now Mr. X has the access to the TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN. How does the industry view ethical hacking? Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub domains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security. Certifications related to ethical hacking If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged: EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential is the number one certification that any aspiring ethical hacker should aspire towards. 
The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it. CompTIA Security+  –  A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills. Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security. KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!  

How an IT Proposal Can Be Like a Reality TV Show

If you’ve ever watched reality TV shows, then you realize pretty quickly that this 42 minutes of entertainment is really just an obstacle course of challenges that are contrived to be literally and figuratively impossible to both the viewer and the contest participant. In other words, seeing others struggle and strive through the impossible while accidentally burning themselves, getting voted off the island, or getting criticized by a snarky British judge is called “good television”. I lived such a reality show experience but it wasn't glamorous or televised, there were no commercial breaks, there were no saves, and definitely no promise of marrying a gorgeous bachelorette at the end of it. My reality show was the competitive world of IT proposals.

I was a project manager in the sales organization of a giant IT company. My challenge was that I received a new team every 30-60 days to work on a major proposal. I usually had no idea what the proposal was for at the start; I could not choose my teams, because they were always made up of those available at the time; and everyone’s skill-level varied so widely that I could have a veteran solution engineer working with a pricing analyst who was fresh out of college. There were a million moving parts, each proposal had corporate visibility, and they were valued in the millions or billions of dollars - no pressure! The gauntlet of corporate reviews took more time than it did to write the proposal itself, and all proposals were judged by a customer panel that decided who the winner was.

One of the biggest challenges in IT proposal writing is that until the contract is awarded, it is never clear whether all of your effort was right or in vain. So, even if we had the perfect proposal we could still lose.

Six rules: To turn people into a well-oiled machine

Given the absurdity of all this, I had to develop a method that would allow us to survive. I established six rules that allowed me to unify a huddled mass of people into a well-oiled machine that delivered these proposals on time, every time. And those rules are as follows:

1. Have a clearly defined end-in-mind/goal
2. Follow a schedule
3. Have dedicated roles for every task
4. Have clearly-communicated instructions and requirements
5. Remove project blockades
6. Treat team members as human beings and not resources

1. Have a clearly defined end-in-mind/goal

The end-in-mind is the final deliverable, the final destination; and the “why” behind the proposals altogether. Many proposals lose because they focus on the mechanics of getting the proposal done, instead of providing a compelling vision of what the customer (and the proposal team) is actually trying to achieve. Understanding the end-in-mind is paramount. It drives schedule, cost, resources, and tells you when you’ve arrived. After all, how will you know when you’ve arrived unless you know where the end is?

2. Follow a schedule

American football coach John Madden once said, “even multi-million dollar athletes need to know what they need to be doing and when.”

When you have a deadline, there are always two paths to get there - either through planning or procrastination. I chose the path of planning. While responding to last-minute deadlines can be thrilling, as a chronic habit it can burn you out quickly. For me, planning created a more balanced proposal experience, people were happier because they knew what they needed to do by when, and often we were finished well before the deadline.

3. Have dedicated roles for every task

Proposals of any importance are never done in a vacuum, and involve a variety of resources and management. In a reality TV show, these are your characters, actors, players, and contestants. At the beginning of each proposal, I established each person’s specific role. It is vital that the team understands why each person is there, and values one another's perspective.

4. Have clearly-communicated instructions and requirements

Every successful proposal depends on rigorous communication. Communication is often downplayed as a soft skill, but it is actually one of the most critical factors of any project. As you already know, many projects that fail do so because of some level of poor communication.

5. Remove project blockades

Bad news doesn't get better with age, and on complex proposals issues are inevitable. Whether it’s unavailable resources, a complex multi-vendor solution, or your price is 3 million too high, you need someone to get obstacles out of your way. Sometimes that’s you, but sometimes it may be an empowered project champion. I needed a plan for dealing with issues early, otherwise they could sink my proposal at the end.

6. Treat team members as human beings and not resources

The final rule was human connection. The moment my project teams saw each other as human beings, rather than as resources, we connected in a more personal way, and once we had that we were unstoppable.

We succeeded because we had a clear vision of the end in mind, the roadmap to get there, a clear understanding of the value of diverse roles and viewpoints, open communication, proactive issues-handling, and the human touch.

By the way, all of this assumed that the proposal was approved, funded, resourced, and actually known to the management. If not, that would have been a whole different reality TV show altogether - I think that would have been a comedy.