Monday, January 27, 2014

software development efficiency metrics



Most large companies invest heavily in application development, and they do so for a compelling reason: their future might depend on it. Software spending in the United States jumped from 32 percent of total IT corporate investment in 1990 to almost 60 percent in 2011 as software gradually became critical for almost every company’s performance. Yet in our experience, few organizations have a viable means of measuring the output of their application-development projects. Instead, they rely on input-based metrics, such as the hourly cost of developers, variance to budget, or percent of delivery dates achieved. Although these metrics are useful because they indicate the level of effort that goes into application development, these metrics do not truly answer the question: how much software functionality did a team deliver in a given time period? Or, put another way, how productive was the application-development group?

Applications have been developed over decades during which time personnel have changed, coding practices have changed, numerous fixes and patches have been applied, documentation standards have fluctuated and systems have become more complex.  As a result developers often find themselves poking around in the dark when it comes to maintaining systems; error searches can be quite elaborate even for the smallest of mistakes and it can take days or even weeks to understand the impact of code changes on related applications.  And a lack of, or inadequate analysis tools means cost-estimates for change requests have become a matter of 'gut instinct'.

There are technical reasons that organizations can address and with comparatively little investment could make a significant improvement to the efficiency of their development team.

Some tips to help you to improve the efficiency of your software development team:

Optimization : Optimize your application development; it is not necessary to embark on complex migration and transformation projects.
Software development augmentation : Make great business decisions about which change requests to implement: prove that the change links to a valued business outcome.
Code Quality: Improve code quality.  Purchase plugins that enable you to integrate your development standards into your development environment thus ensuring that the quality of your software improves bit by bit.  Quality plugins will also enable you to compare your program with market standards such as the maintenance index. This a continuous process
Code performance:  Improve the speed of application understanding.  Purchase plugins for the development environment which cover every conceivable aspect of code analysis, including impact analysis.  This will ensure that developers can analyze the sources of other team members very quickly from within their usual work environment, grasp dependencies and understand the data stream.  Ensure that the plugins also provide a database-based repository and symbol tables to serve as a foundation for executing code changes at the field level.
Reduce number of systems in Enterprise:  Integrate across software development tools with tools such as that from IBM Rational.
Build efficiency  measures: Establish a cycle of assessment, improvement and quality control to ensure that the team's efficiency does not regress.  Use reporting and dashboards as instruments of change to inspire learning and continuous improvement.

Let’s discuss the most easy way to start developing matrices for software development efficiency

Use cases : In addition to lacking a viable methodology for measuring productivity, organizations often don’t have a robust way to gather and organize functional and technical requirements for application-development projects. Instead, they list requirements in what often amounts to little more than a loosely structured laundry list. Organizations may have used this laundry-list approach over a long period of time, and it thus may be deeply entrenched.

As a result, these organizations find it difficult to fully and accurately capture requirements and align them with the needs of their internal or external business clients. Their application-development projects tend to suffer the inefficiencies of shifting priorities, last-minute change requests, and dissatisfied business users. In our experience, these changes often amount to cost overruns of 30 to 100 percent.

We believe use cases provide a logical and structured way to organize the functional requirements of an application-development project. Each use case is a description of a scenario under which the user of an application interacts with that application. For example, a UC for an online-banking application might describe each of the steps that a bank customer follows to log into her account and check the balance of available funds, as well as the transactions involved when that application calls on a database to pull up the stored information.

Another use case for that same application might involve the customer transferring funds from her checking to savings account. More specifically, UCs describe “actors”—the human users or systems that interact with the application in question. UCs also describe “transactions,” or how the application interacts with actors and performs a function. Related UCs can be logically organized into sections and chapters with a table of contents so that  developers and their business clients can understand the overall structure of the application.

By focusing first on business objectives and the functional requirements of applications rather than on the technical requirements, both business leaders and application developers find UCs easy to understand. Technical requirements and design choices can then be organized around UCs. This structure expedites the requirements-gathering phase of the software-development life cycle. It also lowers the risk of failing to incorporate the functionality required by the business and thereby reduces the amount of costly change requests and rework during the subsequent design and build phases. UCs also make it easier to write functional test cases—and thus expedite the testing process on the back end of development.

Use-case points :  Use-case points, as the name implies, are derived from the information captured in use cases. UCP calculations represent a count of the number of transactions performed by an application and the number of actors that interact with the application in question. These raw counts are then adjusted for the technical complexity of the application and the percentage of the code being modified. These are similar to function point in some way.

The members of one application-development group recently calculated the UCPs for 12 of their completed projects. The leader of that group, who was intimately familiar with the 12 projects, also independently gave each project a relative score representative of the software functionality delivered. The high correlation between the UCP calculations and the leader’s scores (greater than 80 percent) suggests that UCPs are highly reliable in measuring  output and can be used to accurately and equitably measure productivity across teams (exhibit). Based on our experience, productivity across  application-development teams can differ by more than 50 percent and often by as much as 100 percent. UCPs accurately measure software functionality to within 10 to 15 percent. Consequently, the accuracy of UCPs is more than sufficient to help determine the productivity of teams.  Moreover, UCPs do not take a lot of training to calculate, and the calculations can be completed in less than a day even for large projects. UCPs can be calculated early in a project’s life cycle and then refined as more requirements are specified and more of the design work is completed. As a result, they are useful for project planning, in-flight performance management, and retrospective performance evaluation.

In general, UCPs are applicable to waterfall4 development and can be used by teams following agile5 methodologies as long as the agile teams use UCs to gather requirements. UCPs, because they are simple to calculate, can also be easily rolled out across an organization.

The transformation challenge : Organizations that have successfully adopted use cases and use-case points have usually started with a pilot that may involve several teams and a portfolio of new projects on which to test the new approach. The organization will need to design the processes and tools to make use cases and use-case points operational. For example, the organization will need to address such questions as what template or tool the team should use for capturing UCs and calculating UCPs, how the organization will ensure that everyone is following the standard process, and how the metrics will be displayed and discussed.

Once the new design is complete, the pilot teams will train with the new processes and tools. Pilot teams can use previously completed projects to practice creating UCs and calculating UCPs. From there, the organization runs a pilot on actual projects to refine the processes and tools while addressing any gaps in the design. After completion of the pilot, organizations usually roll out UCs and UCPs more broadly in waves across the organization.

Throughout this process, it is critical to communicate a compelling change story. For example, the pilot team will need to explain the benefits of use cases to the business units, which naturally will be sensitive to any changes in the way requirements are gathered. Perhaps more important, there will likely be some resistance from within the development teams, whose members may not enjoy having their productivity measured.

What is critical for the ultimate acceptance of UCPs is how the leadership uses them. Developers will understand the rationale for using metrics to identify projects that are at risk of going off track. They will also understand the benefits of more accurately determining resources and timelines for projects, without over or under scoping functional requirements. There is little that is more frustrating to application-development teams than pulling all-nighters to deliver what the business doesn’t want or doesn’t need, and then having to redo much of their hard work. If, however, UCPs are used merely  as a means of rewarding or penalizing application developers, there is a much higher probability that there will be serious resistance.

The journey toward integrating a more efficient and effective way of gathering application-development requirements with a reliable output metric is not without its difficulties. However, the rewards are well worth the effort in a world where application development is an important key to success for almost any large enterprise.

Ravindra Pande is an certified estimator & Agile coach for various institutions & organizations. He implement Agile methodology , service augmentation for software development process, implementation of specific matrices for a given enterprise is his forte. Can be contacted at ravindrapande@gmail.com or skype RavindraRPande

Saturday, January 18, 2014

20 tips on eCommerce web site security



Need :  One of my primary sources of fear is that fraud seems to be all around us. When we hear of the websites of the best of companies getting hacked all the time, I know that I am small fry. Be it Sony or Google, just to name two tech giants, both have been the targets of hacking. If they could not protect themselves, how will I? I think that I am not alone in my fear. The fact that I am an eCommerce professional not withstanding, I fear that someone somewhere wants to defraud me.
Without trust, most prudent business operators and clients may decide to forgo use of the Internet and revert back to traditional methods  of doing business. To counter this trend, the issues of network security at the eCommerce and customer sites must be constantly reviewed and appropriate countermeasures devised. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers as well as the eCommerce site itself.
A straightforward comparison could be made of the security weaknesses in the postal system vs. security weaknesses on the Net. The vulnerable spots in both cases are at the endpoints – the customer’s computer/network and the business’ servers/network. Information flowing in the conduit (trucks/planes and wires) is relatively immune to everyday break-ins. Privacy issues are amongst the major drivers for improved network security along with the elimination of theft, fraud and vandalism. Two major threats to customer privacy and confidence come from sources both hostile to the environment as well as sources seemingly friendly.
Many of the issues and countermeasure discussed here come from experiences derived with consulting with clients on how to maintain secure e-commerce facilities. These methods and techniques can be useful in a variety of client and server environments, also serving to alert eCommerce users of potential threats.

Even one hour of downtime due to a website outage or a malicious attack can have significant impact on a retailer's reputation and revenue, especially during the holidays, a time which the National Retail Federation says can add up to 40 percent of an online retailer's annual revenue. With some large e-commerce sites earning millions each day during the holiday season, even a few minutes of downtime can lead to financial losses in the tens of thousands of dollars, not to mention customer frustration.

With the stakes so high, internet retailers need to adopt a 360 degree approach to security during the holiday season, and year-round ideally. Luckily, there are steps they can take to ensure this. It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from ecommerce sites. So how do you protect your ecommerce site from being hacked and sensitive customer data from being stolen? Let’s understand how ecommerce and security experts do it. Following are top 15 tips for protecting your ecommerce site from hacking and fraud.

1. First, prepare for the worst, plan for the best. To ensure website availability and security, online retailers must prepare for the worst through escalation and incident response planning by outlining standard operating procedures for downtime, including establishing and training incident-response teams. They should also monitor their site diligently to determine service health and identify anomalies quickly and accurately, as well as provide failover to back-up IP addresses to ensure the site is always available.

2. By improving your infrastructure is important. Optimize the scalability and performance of your internet infrastructure with demonstrated management of the increased traffic load coming your way during the holiday shopping season. Whether you manage your site internally or through a vendor, a track record of maintaining satisfactory service levels during the rest of the year may not be a reliable indicator that service levels can be maintained during the peak holiday traffic season. If scalability and performance of your infrastructure are not optimized, it could damage your sales revenue and reputation at the worst possible time.

3. Platform Selection : Most important is to choose a secure ecommerce platform. Put your ecommerce site on a platform that uses a sophisticated object-orientated programming language. Many of my clients used plenty of different open source ecommerce platforms in the past and the one we're using now is by far the most secure. Starting with administration panel which is inaccessible to attackers because it's only available on our internal network and completely removed from our public facing servers. Additionally, it has a secondary authentication that authenticates users with our internal Windows network.

4. Secure Connections : Use a secure connection for online checkout--and make sure you are PCI compliant. Use strong SSL [Secure Sockets Layer] authentication for Web and data protection.  This can be a leap of faith for customers to trust that your ecommerce site is safe, particularly when Web-based attacks increased 30 percent last year. So it's important to use SSL certificates "to authenticate the identity of your business and encrypt the data in transit, This protects your company and your customers from getting their financial or important information stolen. Integrate the stronger EV SSL [Extended Validation Secure Sockets Layer], URL green bar and SSL security seal so customers know that your website is safe. SSL certificates are a must for transactions. To validate our credit cards we use a payment gateway that uses live address verification services right on our checkout, This prevents fraudulent purchases by comparing the address entered online to the address they have on file with their credit card company.

5. Scrap data outright which is no needed for future use.  Don't store sensitive data. There is no reason to store thousands of records on your customers, especially credit card numbers, expiration dates and CVV2 [card verification value] codes, In fact, it is strictly forbidden by the PCI Standards, We recommends purging old records from your database and keeping a minimal amount of data, just enough for charge-backs and refunds.  The risk of a breach outweighs the convenience for your customers at checkout, If you have nothing to steal, you won't be robbed. As simple as that.

6 DDoS : Don't forget about DDoS. With the increase in size and complexity of distributed denial-of-service (DDoS) attacks, companies should consider leveraging upstream service providers to protect both Web servers and DNS. If either goes down, a company could be out of business. A cloud-based approach to both DNS management and DDoS protection provides a cost-effective alternative to maintaining uptime.

7 Security Best Practices / Measures: Make sure to implement security best practices by partnering with a security provider for holistic support. Not all ecommerce sites can develop an internal cyber intelligence capability. Security service providers can help to quickly identify and understand the various security incidents and their implications, determine effective mitigation and remediation tactics, and develop a clear plan to enhance security. For the holiday season in particular, online retailers should take advantage of holistic services that are designed to help protect e-commerce sites during the peak online shopping season. Delivered via the cloud, such services combine fully reliable DNS resolution and DDoS attack protection to support critical Web-based systems and reduce the risk of downtime.

8. Employ an address and card verification system. "Enable an address verification system (AVS) and require the card verification value (CVV) for credit card transactions to reduce fraudulent charges

9 empower user with strong passwords :. Require strong passwords. While it is the responsibility of the retailer to keep customer information safe on the back-end, you can help customers help themselves by requiring a minimum number of characters and the use of symbols or numbers, longer, more complex logins will make it harder for criminals to breach your site from the front-end.

10. Set up system alerts for suspicious activity. Set an alert notice for multiple and suspicious transactions coming through from the same IP address. Similarly, set up system alerts for multiple orders placed by the same person using different credit cards, phone numbers that are from markedly different areas than the billing address and orders where the recipient name is different than the card holder name.

11. Multi Layer security. One of the best ways to keep your business safe from cyber criminals is layering your security. Start with firewalls, an essential aspect in stopping attackers before they can breach your network and gain access to your critical information. Next, add extra layers of security to the website and applications such as contact forms, login boxes and search queries. These measures will ensure that your eCommerce environment is protected from application-level attacks like SQL (Structured Query Language) injections and cross-site scripting (XSS).

12. Provide security training to employees. developers , Employees, operators  need to know they should never email or text sensitive data or reveal private customer information in chat sessions as none of these communication methods is secure. These managers also need to be educated on the laws and policies that affect customer data and be trained on the actions required to keep it safe. Also we could use strict written protocols and policies to reinforce and encourage employees to adhere to mandated security practices.
Employee training is crucial as is an ongoing effort to build security compliance.  Today’s enterprise is under constant attack, there’s simply no denying that. And there has never been a more important time to have timely and actionable insight into what’s going on. It takes diligence and commitment for an organization to maintain a secure defense, especially when running an e-commerce store.

13. Use tracking numbers for all orders. To combat chargeback fraud, have tracking numbers for every order you send out. This is especially important for retailers who drop ship.

14. Monitor your site regularly-Internal & externally  :Make sure whoever is hosting it is, too. Always have a real-time analytics tool, It's the real-world equivalent of installing security cameras in your shop. Tools like Woopra or Clicky allow you to observe how visitors are navigating and interacting with your website in real time, allowing you to detect fraudulent or suspicious behavior. With tools like these we even receive alerts on our phones when there is suspicious activity, allowing us to act quickly and prevent suspicious behavior from causing harm. Also, make sure whoever is hosting your ecommerce site regularly monitors their servers for malware, viruses and other harmful software .
Ask your current or potential Web host if they have a plan that includes at least daily scanning, detection and removal of malware and  viruses on the website.

15. Perform regular PCI scans. Perform regular quarterly PCI scans through services like Trustwave to lessen the risk that your ecommerce platform is vulnerable to hacking attempts, if you're using third-party downloaded software like Magento or PrestaShop, stay on top of new versions with security enhancements. A few hours of development time today can potentially save your entire business in the future.

16. Patch your systems. Patch everything immediately--literally the day they release a new version. That includes the Web server itself, as well as other third-party code like Java, Python, Perl, WordPress and Joomla, which are favorite targets for attackers. Breached sites are constantly found running a three-year-old version of PHP or ColdFusion from 2007, So it's critical you install patches on all software Your Web apps, Xcart, OSCommerce, ZenCart and any of the others all need to be patched regularly.

The cloud approach will help [eCommerce businesses] trim operational costs while hardening their defenses to thwart even the largest and most complex attacks. In addition, a managed, cloud-based DNS hosting service can help deliver 100 percent DNS resolution, improving the availability of Internet-based systems that support online transactions and communications.

17. Consider a fraud management service. Fraud does happen. And for merchants, the best resolution is to make sure you are not holding the bag when it does. Most credit card companies offer fraud management and chargeback management services. This is a practical approach to take because most security experts know there is no such thing as 100 percent safe.

18. Regular Backup : Make sure you or whoever is hosting your site is backing it up--and has a disaster recovery plan. Results from a recent study by Carbonite revealed businesses have big gaps in their data backup plans--putting them at risk for losing valuable information in the instance of power outage, hard drive failure or even a virus. So to make sure your site is properly protected, back it up regularly--or make sure your hosting service is doing so.

19  Data Security :Research uncovers 89% of attacks continue to target your customer records. With data as the lifeblood of all organizations, it's no wonder securing intellectual property and meeting compliance requirements continue to be a challenge. For every business challenged by increasingly complex threats, Choose a good data security solutions to keep it simple so you can keep growing. With Data Security offerings you gain good content protection and control throughout your entire enterprise – from the desktop to the network perimeter and for your data at rest and in motion.

20 Create an Office Environment Where People Appreciate the Value of Privacy and Security. It is important that you sensitize your people to avoid being callous when they handle data. If you are a professional eCommerce business, you will have several employees who have varying extents of access to data. As a business manager it is your job to train people on handling the data right.

The e-commerce industry is slowly addressing security issues on their internal networks. There are guidelines for securing systems and networks available for the eCommerce systems personnel to read and implement. Educating the consumer on security issues is still in the infancy stage but will prove to be the most critical element of the e-commerce security architecture. Trojan horse programs launched against client systems pose the greatest threat to e-commerce because they can bypass or subvert most of the authentication and authorization mechanisms used in an e-commerce transaction. These programs can be installed on a remote computer by the simplest of means: email attachments. Training programs, orientation programs will become more critical in order to increase the general populace's
awareness of security on the Internet. IT and financial control/audit groups within the eCommerce site should form an alliance to overcome the general resistance to implementing security practices at the business level. Industry self-regulation of consumer privacy appears to be ineffective. The FTC privacy survey and its recommendations to Congress may result in the introduction of legislation on privacy issues.

Thursday, January 9, 2014

Agile Pushing/Pulling a study



Introducing Agile methods to a team in an organization deeply rooted in waterfall ways is tough, especially when the culture is risk-averse and well-established. But you can be a catalyst for change and help your team learn to be more agile by following three simple practices.
About my learning, I learned Agile methods early on from some of the industry’s best, practioners, Trainers.  For more than 15 years, I was part of an organizations that embraced Agile values, was customer-connected, and focused on continuous learning. And then as life progressed I changed jobs. More importantly, I changed organizations.
The culture shock was intense as I went from the world I knew of embracing change, to a culture that spoke of learning and growth, but was weighted down in waterfall ways and cemented in processes averse to change. Instead of co-creating value with the customer and validating along the way, I found myself among a sea of BUFD (“Big Up-Front Design”), and the customer at the tail-end of the process.
I had my work cut out for me. I could be a fish out of water, or I could teach others to swim. I chose the latter. Otherwise, it was not just me at stake, the organization would sink in today’s highly competitive world.
But I was intimately familiar with organizational change gone bad, and I experienced many situations first-hand where the change agent fails and loses in the end. Luckily, with the guidance of a mentor, I learned that I needed to be a change leader, not a change agent, and that starting small, and building momentum is the key to success.
Early on, I it was like pushing rocks up hill. I did brown bags, I gave out copies of my book, Getting Results the Agile Way, and tried to preach the gospel of the Agile ways, but it fell on deaf ears, or, in other cases, the student wasn’t ready. But the irony was that the organizational pain was exactly the impetus that would justify going Agile. There was a lack of clarity in customer demand. People were over-worked and felt under-appreciated. Change was a constant on a daily basis, and yet people could not respond quickly enough or use the change to their advantage.
And then, I changed my approach. Rather than “push” Agile, I inspired people to “pull” it. I did so in three specific ways:
1) Ask better questions
2) Lead by example and
3) Reinforce positive behaviors.

Together, these simple practices inspired others to learn and adopt more Agile approaches in their thinking and in their actions, and this built momentum over time.

 Ask Better Questions
I started asking simple questions in the hall, to key people. The most important question I started with was: “What were our 3 Wins from last month?”
I would tee it up by saying, “We put in a lot of hours last month. Looking back, what are the actual wins we have under our belt?” It was a simple way to get leaders reflecting on how well all the hours we throw at work are leading to significant outcomes … or not.
Looking back was now the key to looking forward. I would then ask the following question: “What are our 3 Wins we want to achieve for this month?”
Soon, people started thinking in terms of outcomes for the month. It was no longer good enough to throw a bunch of time at things and accomplish a bunch of tasks, and yet have no simple stories of success, or customer victories to show for it.
I didn’t stop there though. To reinforce the idea of chunking up things and thinking in terms of incremental value, I asked simple questions in team meetings and in my 1:1 with my manager:
What were your 3 Wins for last week?
What are your 3 Wins for this week?
What are our 3 Wins we want to achieve for this year?
Questions served as the prompts to start driving better behavior, and getting people to get curious and seek better ways to find their 3 Wins. 

 Lead by Example
People learn from others and they model the behaviors they see — especially if the behaviors they see lead to results they like. The three most important behaviors I set an example for were:
Visualize the workflow on the wall
Daily standup meeting with the team
Pairing up with others to create better, faster work products
To visualize the workflow on the wall, I created a simple Kanban for the team, where people could see our backlog of work items, the current work in progress, and work we completed. I kept it very simple and used only three stages: To Do, Doing, and Done. On Mondays, in our team standup, I went around the team, and asked each person to identify their 3 Wins they wanted to achieve, write them down on a sticky, and add them to the Doing column. Instantly, everybody had a chance to show and share their focus for the week.
For daily standups, I asked the members of my immediate project team to attend a simple “Ten at Ten” meeting. The idea was to spend 10 minutes at 10:00 AM each day to help us stay in sync, deal with any changes or urgent issues, and unblock people on the team. We’d simply go around the team and state three things:
What did you get done yesterday?
What are you working on today?
Where do you need help?
This helped the team stay connected, fluid, and always making progress with focus and momentum.
On pairing, a lot of people were resistant at first, but once they experienced it in action, they latched on to it. They liked the idea that rather than get stuck on something, two people could put their heads together and blast through something faster that might otherwise be death by a 1,000 paper cuts. To get started, if we had to produce a document, I would simply open the document, and start asking questions to frame out of the key outline of the document, and start plugging in key information. Once the skeleton for the document was in good shape, we would then split off, finish things off, then pair back up to do a live review. It was fast, effective and people got to learn from each other at a faster pace than they otherwise could.

 Reinforce Positive Behaviors
This is perhaps the most important way to help a non-Agile team adopt Agile practices. People like to succeed. Catch them doing something right, and call them on it. Use learning opportunities and leadership moments to coach people, not critique them.
The most important person I focused on first was my manager, since he set the tone for others on the team. For example, his strength was focusing on tasks, but not focusing on wins. It was his growth opportunity. When he would identify his 3 Wins he wanted to achieve for the team for the week, I would be sure to tell him how it helped us focus, prioritize and know what was valued. This helped reinforce the behavior by letting him know how it shapes the team’s impact for the week.

So the point is whenever it feels like resistance, figure out the causes for concern or reasons for resistance, and use them as feedback to tune and prune the approach. It's always amazing how one approach can be so much more effective than another, and yet they both attempt to achieve the same goal. And, in my experience, adding "the fun factor" always helps.

As Gandhi said, “Be the change you wish to see in the world.” The key is to start with your immediate world and to bring others with you. The key to bringing others with you is to prompt them with the right questions, lead by example, and reinforce positive behaviors. As a project leader, skilled in the art and science of Agile practices, the world needs you now more than ever. Your success, and the success for those around you, will depend on how well you lift them and help them learn the agile way.

Along these lines, experience tells me three keys to successful change that show up time and again are:
1. Change the approach - I've seen how changing styles or approaches radically helps success
2. Change the time frame - Often, it's too much, too fast. Little wins with momentum works better.
3. Change the people - Sometimes the chemistry is off. Try another change leader. Sponsorship can make a big deal here.
The trick is to become a master of the process and evangelize to terms / jargon, but good ole organization, leadership and communications goes a long way.

And remember, sometimes a great change has the right intent, but unless somebody helps map it to specific benefits by the people impacted, it will meet a ton or resistance. Also, I find people in general sign up for change, when it's not pushed down their throat.

There is a great deal of opportunity to expand Agile into other arenas. In fact, aside from "Agile for Life", my favorite place to apply Agile approaches is to learning and education. One of the ways we improved our success is by doing an "exploration" phase, before we start "execution." During exploration, we collect user stories and system stories, and then prioritize the set with customers to validate the impact. By the time we start executing, we have a great view of what a Minimum Credible Release (MCR) or MVP (Minimum Viable Product) would be. Sure, things change during the development cycle, but this vision of the MCR keeps us grounded.