Involve your team members when you do your threat modeling.

Most of the companies I worked for or know about have a bizarre threat modeling process. They count on the architect or the most knowledgeable person to do the threat modeling. It’s defined as a one-person job!

If your goal is to do it because it’s one of the required artifacts for your service to go into production or any other stage, it may be the right approach. But this is not threat modeling; it’s a false sense of security. You invite harmful attempts against your system because you put all your eggs in one basket.

It’s the exact opposite of the goal of a threat modeling session.

Involve your team members when you do your threat modeling.

Every person in your team has a unique perspective and a way of thinking about possible threats against any system. 

Every person has a different experience compared to the others. 

Every person has different emotions and morale. 

All of those qualities play a critical role in the threat modeling process.

Let me give you an example:

I started a fun and useful exercise: explaining the goal of threat modeling by bringing people together in front of a virtual whiteboard and doing threat modeling against a beer tap infrastructure.

The challenge

We have a yard with a few doors to enter it. We also have the beer tap, a pressure system, key storage, and some power controls. We have two boundaries to protect.

The team members were encouraged to “go wild” and think individually, for just 7 minutes, about all the possible threats they see against the infrastructure.

Then I asked them to put virtual “sticky” notes near the components that could be threatened and discuss the findings as a team.

I did that with six groups from different geo-locations, and every time, I received different results. 90% of the threats were common, but 10% of them differed from group to group. This is how you make your modeling better.

To compare, I asked a few people to do this exercise alone for the same amount of time, and the difference I saw was that the wisdom of the crowd identified 40% more threats than a single individual. If this is not hard proof, what is?

Involve your team members when you do your threat modeling. It’s the first step in your journey towards creating products that are a bit more secure.

Hiking Near Prague: Třebsín

One of our favorite short hiking walks (3-4h) near Prague starts from a small village called Třebsín.

The route.

Stop the car* by the pub – usually, there are around 20 parking spots. Then follow the green route towards “Závist u Třebsína.”

You might see most people going in another direction, but I recommend that you don’t follow them. I’ll explain the reason later.

So, find the green path and walk a bit uphill for 0.5 kilometers. You will pass this magnificent view.

After a while, the road will end, and you will start walking into a fantastic forest. Keep walking for another 2.5 kilometers. Make sure you read all the signs along the path to learn more about the area. In the end, you will find the next stop, called “Medník.”

A view from the forest

Then continue on the green path to “Na Stezce.”

The green path :)

At some point, you will feel the 15 min downhill experience, which was the main reason not to take the trail the other way around as most of the people did :) I saved you! :)

When you reach “Na Stezce”, change the color and start following the “red” path towards “Pod Třebsínem.”

You will pass lots of bungalows and friendly-looking people and a lovely pub, which is closed due to the COVID lockdown. Then you will see some beautiful views of the Sázava River, like the one that we took with our cameras. Just follow the road and be kind to nature and to the people you meet.

Here you can sit and observe the nature
A nice view from the route

When you reach “Pod Třebsínem”, retake the green path for another kilometer to go back to Třebsín.

Don’t forget to stop by here and read more about the name of the village. It’s a pretty exciting story, but since my Czech is very limited, I liked the way they presented it more :)

A story about the village

* I use my car to drive somewhere and to discover routes that start and finish at the same spot.

Inspiration for Scrum Masters and Other Leaders (vol 1)

I hope you have read my article about building a scrum master community, where I share some thoughts on how to help the scrum masters grow and become real stars.

This week I have decided to explore the opportunity to create a spam source (I meant a digest) for the other leaders with whom I am working, with the same goal in mind.

Then I said to myself: what a beautiful covid day; why don’t I share the links with you? Maybe you will find them useful too.

Scrum Master Inspiration

Ruinous Empathy of a Scrum Master
You must have heard about the Radical Candor book and its quadrant model. Today I want to talk about how you can apply this model to a Scrum Master role.

Scrum Team Roles and Responsibilities
The Scrum team chiefly consists of three roles: The Scrum Master, Product Owner & the Development Team. Anyone outside the core team doesn’t have any direct influence over the Team.

2019 Scrum Master Trends
Old but gold: The survey results reveal salary trends and agile adoption patterns, while also exploring gender equality within the Scrum Master role.

Product Owners and Engineering Leaders

Defect Management in Scrum
Eventually, everyone who has done some basic Scrum training asks the question, “How do you handle the fixing of bugs? Where does this fit in the process?”

Becoming a Manager of Engineers
Becoming a manager is usually one of the biggest challenges of an engineer’s career. This article will give you some great advice and help you grow.

Top 10 Software Engineering Metrics
Too often, software engineering team leaders are worried that measuring metrics could be perceived by their team as an unnecessary, intrusive complexity that will erode their culture and wellbeing.

The Product Owners and The (Business) Value
Product Owners’ main responsibility is to maximize the value for the Product, in order to create, deliver and maintain a successful Product, but what is value?


Burn Baby Burn!

How much time do you spend in meetings? I guess a lot. How do you track the ROI of a meeting? Yeah, there are formulas and approaches and studies in the universities, but if you want to check a pretty neat way of doing that – see this website. I challenge you to show that on the screen during your next meeting. :)