Mr Bartlett Blogs
  • Ramblings...
  • OLD_CEFKorg
    • New CEFKorg Page!
    • About Computer Equipment For Kids
    • Alliance of Awesomeness
    • How do I help?
    • The Places We've Been
    • Tutorials
    • Learning Sites
    • Conferences

I told you so...

1/2/2022

0 Comments

 
You Never Know What You Are Going to Get

Who doesn’t like a good meeting

As we gathered into the conference room to discuss transitioning of applications to the Development team I knew we were about to uncover some nasty secrets hidden in the OPS team…..  Manager presents an application called CENTRON, it is basically an analyst task and incident tracking tool with scheduling capabilities.   I was familiar with this app, 2 years ago during the initial discussions of the app i had recommended the code, requirements, and issue tracking be done using the Development teams dev studio.   We got as far as importing the v1 code base into the repo and then never heard anything else from the application author/developer/team….   Now, with turnover and organization ‘realignment’ they were coming to the development team for help (and to take over ownership of the tool).    I was about to say:  “I told you so….”  but when looking around the room there was NO ONE from the prior organization that i had worked with or worked on the tool. Acquisitions can have a huge impact on people and vision. So I focused my energy on cleanup and getting this application under a supportable maintenance cycle. 

Laying the Foundation

First step, onboard the project into the Development Studio: 
  • Create needed Confluence space to store documents, notes, requirements, etc. 
  • Create needed Jira Project for issue management, resource planning, and prioritization
  • Create needed Bitbucket repo(s) for storing code and configuration items. 
  • Create needed Bamboo plans for CI/CD 

Our Development Studio has all the necessary components to on board any type of project and work it from the requirements/gathering phases all the way to the automated deployment of said tool.  The studio doesn’t just have integrated tools that make for quick execution but the documentation and processes to keep the studio running.  If folks are hired or the path of the team changes there should be an overall layout of how things run.  In this day and age of all things Agile, sometimes we lose the fact that documentation needs to be written, ‘lived’, and reviewed to keep it up to date and relevant to the current day operation.  
 

Collect ALL CODE!  
  • Need to get ALL code and configurations under version control.  A majority of the work done to the app was on the production server so it was a phased approach: 
    • Get all code into the repo
    • Verify the files ‘match’ what is available in production
    • Cleanup unneeded files
      • With many projects that do not have a repeatable release process you will find there are backup files and directories include.  (ie:  CENTRON.php_backup or CENTRON.php_old)
  • Removing the unnecessary files will allow the new maintainers to focus on the important files/parts of the tool.  Any time saved is well spent.  Think about the code review of the application by the ‘new’ development team.  If they are reviewing copies of the originals it is still time they have used for ‘wasted work’ and ineffective cycles.  Removing the files will guarantee that this time will be saved in the future over and over again. 
Documentation Review/Creation: 
  • Collect all related/relevant documentation and notes about the application.  Storing them all in a Confluence Space for the Application. 
  • Create a System Integration Diagram to visualize the other systems the application integrates/communicates with.  Without some type of diagram or map you can refer to, it becomes very difficult to understand the other pieces of the puzzle.
  • ANY documentation about the system/application will help you in the long run!


System Review: 
  • Review current application in production
  • Noting directories, configuration items, notes, security concerns, etc 
  • Adding all notes to a central page in confluence
  • Maintaining an application in a production environment is more than just the CODE BASE!  You need to understand the overall architecture of the application, how it integrates and communicates with other tools and services, operating system level configurations, asset details, user/account information, Outage and recovery procedures/documents are all important and cannot be overlooked. 

Backups/Recover: 
  • Do a complete backup of the system before ANYTHING is done on the server.
    • In our case it is a VM Snapshot which makes life soooo much easier then yesteryear 
    • Along with the backup procedure there should be recovery steps documented somewhere for the greater good and to reduce SPF (Single Point of Failure) within the teams. 
      • It’s hard to train without some documentation. 
      • How do you know procedure is followed if it isn’t documented? 

A New Day
Start a new:
  • Deploy a new server(vm) to replace the old production server.  After years of a system living in production you can no longer fully understand who was on the box, what they did on the box, what changes were made on the box, and who has root access on the box.  You are better off starting from a clean slate.
  • Determine how the code and components can be more easily managed.  Does it make sense to switch to containers and have different parts/components updatable by piece or all at once.
  • Determine how testing will be done to the application.  This project had no unit or integration tests.  Any change of the code needs to be manually verified with the knowledge that other areas of the tool could break.  We implemented a basic testing framework and focused on adding tests as we fixed bugs and/or implemented new features.
  • Determine how deployments will be done.  The old application was updated by hand on the server.  We moved it to a bamboo deployment plan which pulled docker images down from our private repo and started them with a docker-compose file.  Now when deployments are done it is automated and done by the machine which greatly reduces the errors made by someone making the changes.
  • Determine when and how the "lift and shift" will happen from the old production server to the new pristine server.  Keep in mind that with any active application communication is key.  Users need to be aware when maintenance windows will happen and understand "how" to handle this time in their day to day jobs.  Very much like a disaster incident, folks will need to know how to do work without this system for the short period of time.  Have a shadow period with both systems up and running.  This way you can always hit the o sh88 handle if things are found missing (or wrong) on the new system.
  • Determine where issues, complaints, and feedback will go during the cut over AND moving into the future.  We have a designated email distro list setup just for this.  Next step for us is to automate the case creation off of email submissions (ie: outage email submitted, case created and put in IT team queue for resolution)
  • Document and make known where your documentation is for the application, system, and environment.  If your IT team has to respond to outages they better know where to go and what to do.
  • Make an effort to understand WHY and WHAT areas of the tool/application are used for operations.  Times change, new technology/tools come along, don’t repeat the same steps when new and improved actions can happen.  Management input will be a huge portion of this discussion, they will need to drive the change and what will happen with legacy applications in your workplace! 


​
0 Comments

The Drain

9/21/2018

0 Comments

 
Picture
While trying to implement an Agile development environment with a new team a few years ago one of the developers said to me; "I don't like Agile, it makes the whole team mediocre. Your bad developers will bring the team down and your good developers will have to slow down to wait for the rest."

It's a comment that has stayed with me ever since.

Like many things in the Agile world it is easy to point at "Agile" and state that IT is the issue when the underlying issue has nothing to do with Agile practices/ways. 

When applying Agile practices to a team/group/project it is important to remember that it isn't a cure all for any problem you have.  I've seen Agile work great, taking a great team and improving their execution, communication, and collaboration.  I've also see the 'other' side of Agile when a group/team of individuals are brought together for a project and nothing can help the outcome. 

It takes MORE than just AGILE to have a high performing team.  Agile helps with recommending different frameworks or methodologies but how they are implemented, adjusted, and stream lined is really up to the people that make up the team.  If the team is not ready to ask the hard questions...    I'm not talking about the hard questions related to a project, but the hard questions for people: 
  • Do they have the drive to go above and beyond?
  • Do they execute on what they say they will do?  
  • Are they constantly trying to learn and better themselves?
  • Are they trying to achieve goals?  Both personal and business? 

Agile will NOT solve the above issues!  But as a manager/project lead/team lead you need to have a way of righting the ship when team members do NOT have the drive necessary to deliver.   This comes in a couple different ways at different times during a project/employee cycle.

1.  Hire the RIGHT people! 
A line that is easier said then done.  Where do you start?  You can always start with the skills necessary to fill a role.  Or you could look at how the current team interacts and ask what type of traits make up a good team member.  At times there are soft skills that are more important than the technical skills.  If i can train you up on what is needed and you have the drive and determination it might suit me well to do that vs hiring someone with that type of experience and being stuck with an under performing employee that will do the bare minimum and 'punch the clock' day in and day out.  

Hiring the RIGHT developer can be tricky, you can't take a Entry level Developer and push them into a Sr Dev role, this is where the experience is necessary.  You need someone in the Sr Role who can help mentor and motivate the younger developers on the team.  Ideally the Sr Dev is a 'teacher' and will help the team in software architecture, design, and best practices necessary to build great applications. 

But when hiring a less experienced developer if they have the skill set and know how in a specific programming language you will have flexibility to train them in another language.  With the pace of technology today new languages, techniques, and frameworks are available to make the development process easier and provide an equal playing field when switching languages. 

I do recommend having some level of code challenge/scenario the interviewee should run through during the interview process so you can verify they are able to do what they 'say' on their resume. 

Lastly TAKE THE TIME to have all team members and folks associated with the project meet the candidate during the interview process.  Everyone will have their own perception of the candidate and this is valuable feedback when determining if they are the right fit for the team AND team members will be more invested in new hires if they are part of the process and have a 'vote' in the decision. 

It's a LOT easier to NOT hire someone vs dealing with PIPs and/or performance issues after they are on board.  Look for the red flags in the interview process and if anything feels 'off' examine why. 

2. The Legacy Developer
Teams are made up of all types of people and personalities. What do you do if you take over a team/project with members who have been involved for years and under performing?

First off don't make any changes right away!  Learn how the team operates (or doesn't)   See how folks interact, do they work together or in silos?  Do they share information and techniques?  Do they help each other?  Or does that only happen when the 'manager' dictates for folks to help each other?

Talk to the team members.  Start up a 1v1 at least once a month to discuss the goals and aspirations of the team members.  Great book on 1v1 conversations:    Behind Closed Doors: Secrets of Great Management   

Sometimes employees are NOT doing what they want in their work/career.  Having these conversations are hard but needed.  Knowing 'what' an employee would like to be working on can help YOU put them in the right place when the opportunity arrives. 

If the developer is not producing have the talk, be honest and let them know what you expect. 

If the developer does not start producing after a few of these talks then it is time for a Performance Plan.  Don't wait on this step!  It sucks having to put anyone on a PIP but what sucks more???  Months of wasted time and effort on a project!
​

3.  ​Set expectations
Set clear expectations!  Ideally in an Agile 'team' the team members will be defining what they expect from themselves and others on the team.   Holding each other accountable when expectations are NOT met and offering helping when needed.  Different teams handle this in different ways.  On some of the Scrum teams i have been a part of this happens in different areas:
1.  Sprint Planning - Setting the Sprint Goal.  This is an expectation for the iteration.  The Team is 'committing' to the goal so a precedent is set that this will be achieved. 
2.  Day to Day Process - Software Development has many steps and teams handle these steps in different variations.  For example;  many teams have some form of code review before code is merged into 'master'/the product. 
  • The team defines what needs to happen to 'get' to a Code Review
    • Passing Build
    • Definition of code change
    • Testing steps
  • What is expected by the submitter
    • Best Practices are met:  code style, formatting, functionality, etc
    • Answering questions from team
    • Presenting to the team (if doing group code review/learning session)
  • What is expected by the reviewer
    • Pulling branch down and checking locally
    • Commenting and questioning 
  • Overall expectations that need to be met BEFORE the code merge 
    • Multiple approvers

Here is a great article (which leads to other articles) on ways to set expectations and have these discussions: letsgrowleaders.com/2018/08/21/how-to-motivate-your-team-stop-treating-them-like-family/

4.  Provide a way to improve/learn

As part of the feedback and expectations you will need to provide a way for them to improve. Point them in the right direction.  Could be: 
  • ​ google :)   
  • An on-line learning site like Pluralsight or Udemy . 
  • Your companies internal Learning system
  • A colleague/mentor with experience/knowledge in the area
  • A book 

5.  Provide the Vision

There are times in business where the day to day gets a little ho-hum and the excitement might not be there.  YOU need to provide the team a vision of where you will be 'in the future'.  Could be a vision for next month, 6 months, or a year.  People do better when they know where they are headed.  This might be a difficult task if vision and priorities are shifting within the company.  If so, focus on the SHORT AND OBTAINABLE opportunities which the team can do!  Things that will allow the team to brush up on existing technologies, learn new technologies, update those build/deployment plans which haven't been touched in a year.  Small victories but victories none the less!

0 Comments

All Aboard

12/27/2017

0 Comments

 
I updated my All Aboard presentation.  It's my thoughts on project management, vision, goals, and impediments. 
0 Comments

Raking Leaves - Small steps towards the Big Goal

11/6/2017

0 Comments

 
Some thoughts around team management and project management. 

Using small incremental steps to build up to the big project. 

​Happy Fall everyone!
0 Comments

    Author

    Security Researcher with about 20 years in the Computer Security Field. Going to talk even if no one is listening..

    email: mrbartlett <at> mrbartlett.com

    View my profile on LinkedIn
    Picture

    Archives

    January 2022
    June 2021
    February 2020
    June 2019
    October 2018
    September 2018
    August 2018
    March 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    December 2015
    August 2013
    January 2013
    September 2012
    June 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011

    Categories

    All
    Activation
    Agile
    Backup
    Centos Vmware Interfaces Error
    Collaboration
    Communication
    Computer Security Scans Passwords
    Conferences
    Drones
    Emergency Response
    Exploit Kits
    Exploits
    Life
    Links
    Malware Security Dnschanger
    Organization
    Passwords
    Patches
    Phish Security Email
    Project Management
    Rfun
    Scrum
    Security
    Security Blackhole Exploit Kit Browser Phish
    Security New
    Software Development
    Team
    Windows
    Work

    RSS Feed

Powered by Create your own unique website with customizable templates.