Agile PMs need more than recycled process notes

Agile adoption requires a change in values, not just a change in process. That's the message of the Agile Manifesto, and everything we've learned in the year since the Manifesto's publication has only expanded and emphasized it. We might not have all the specifics on how that relationship works (for example, does an "Agile culture" automatically dictate Agile practices?), but the correlation is definitely there.

In technology companies, these values are critically important, since technology does not just improve the business, it is the business. Agile changes how teams develop and deliver technology. In a technology company, delivery includes practically everyone outside the development team—marketing, sales, support, consulting, partners, you name it. Beyond the janitorial staff, it's hard to think of someone who won't be effected when a tech company goes Agile.

Consequently, product managers and product marketers, sitting on the border between the development team and everyone else, are simultaneously the agents and targets of Agile transformation. For example, when monolithic releases crumble into many smaller iterations, people throughout the rest of the company have obvious questions, such as,  When can I tell a customer to expect the enhancement they've wanted for the last two years? When is the next time we're going to have to do sales training? When will we have delivered enough new value to merit a product launch? PMs facing this situation will have to make adjustments to their own work, such as building and communicating the product roadmap.

Read more

Symantec: Looking like a security company again

I attended the Symantec WorldWide Industry Analyst Conference earlier this week. Here is the "net" of my impressions / takeaways from the event, not necessarily reflecting any specific statements by Symantec.

  • Symantec is more pointedly focused on being a security company. Symantec is re-orienting its strategy and position on information protection foremost, with systems management (Altiris, etc) and information management (Veritas, etc) being subservient to that broader mission.

Security took center stage at this event. The storage and availability management portfolio was mentioned quite a lot, especially de-duplication, but most of it was subservient to the broader security context. There was hardly any mention of Altiris solutions until a deep-dive on the second day. Security is certainly Symantec’s strength, even as its Storage and Availability Management portfolio is a major component of its overall revenues and profit.

  • Symantec’s articulated unique value proposition is in providing coordinated security in a world of complex threats. Symantec’s management heritage and breadth of portfolio lends itself to this .

As Symantec competes on the plane of security against Kaspersky, LANDesk, IBM ISS, McAfee, Microsoft, Postini/Google, and Trend Micro, that makes sense.

Read more

Launch of Forrester's 2010 Security Survey

We’re just ramping up at Forrester to start our 2010 Business Data Services’ Security Survey. To begin, I’ve started taking a measured look at last year’s questions and data. Additionally, I’ll be incorporating input from those analysts with their ears closest to the ground in various areas, and will be considering the feedback from our existing BDS clients.

I also welcome input here into what you would find useful for us to ask of senior IT security decision-makers, as development of the survey is take place over the next three weeks.

The survey is scheduled to be fielded in May and early June—with the final data set becoming available in July. The projected sample size is 2,200 organizations across US, Canada, France, UK, and Germany: split roughly 2:1 between North America and Europe, and with a 55/45 split for SMBs (20-1000 employees) vs. enterprises (1000+ employees). Concurrently, we ask a separate set of questions to respondents from “very small businesses” (VSBs) with 2-19 employees.  We also set quotas around industry groupings, so each industry is appropriately represented. We source our panel from LinkedIn, which provides an excellent quality of respondents.

The Security Survey is an invaluable tool that provides insight into a range of topics critical for strategy decision-making: IT Security priorities, challenges; organizational structure and responsibilities; security budgets; current adoption and across all security technology segments, be they as products or as SaaS/managed services, along with associated drivers and challenges around the technology.

Here are a few valuable data points from last year’s survey:

Read more

Against a grand theory of PM, part 3

In the first and second parts of this series, I argued that people who write about product management and product marketing should be circumspect in their choice of topics. A field that's as young as PM in the tech industry isn't fertile ground yet for a grand theory of what the profession is all about. Categorizing the PM function was a good first step; now, we're in the middle of building "middle-range theories" about PM. A good set of field-tested guidelines for researching requirements, doing market opportunity assessments, or crafting the right marketing mix would be pretty darn good, thank you very much.

Aristotle beats down Plato in no-holds-barred epistemological cage match
In fact, middle range theories are an essential precondition of a grand theory. Big, unifying ideas, such as special and general relativity, don't come before the observation of the real world. (Sorry, Plato: the people who spend a lot of time in caves get prison pallor, not "actionable insights.") They always come after, when a set of hypotheses that seemed to work pretty well, until you noticed that the planet Mercury wasn't in the right place, made hash of them. Then, someone fretted over the inadequacies of these tenets, and after a fair amount of head-scratching and hair-pulling, came up with the big unifying idea.

Read more

Brütal Agile

One of the great things about researching Agile is, given the scope of both its applicability and effects, you'll never run out of interesting topics. Agile product management, Agile used outside development, contract details in Agile projects, Agile channel management, the effect of Agile on requirements—researchers like myself and Dave West, writing about Agile directly, will have plenty to do for years to come. So, too, will others, like Mary Gerush, exploring the effects of Agile on requirements and other aspects of development.

As Agile goes mainstream, video game developers like Bioware have taken the Agile plunge. This corner of the technology market is very interesting because of the high level of challenge. In some cases, video game developers face extreme versions of common problems, such as an unforgiving standard of product quality. (Ship a crappy product, and your dreams of making obscene wealth will be replaced with the nightmare of watching your game vanish from retail channels.) Other challenges are unique to the video game industry, such as managing all the creative talent—artists, musicians, and actors—critical to product success.  (But heck, if you get to meet John Cleese, Claudia Black, or Gary Oldman, the work can't be all bad.)

Read more

Security of open source: Sunlight disinfects, but does it introduce germs as well?

The security of open source software took a small hit this week as Mozilla reported that Firefox currently contains a root certificate authority that has no owner.  The fear being that this is a bogus CA inserted by hackers to provide trustworthiness to malicious sites.

This potentially provides an example of a nightmare scenario the anti-open-sourcers talk about: that hackers can inject back doors or introduce vulnerabilities within the open source development process.

Indeed, Fortify is drawing a rather extreme conclusion to this situation with its European director, Richard Kirk, stating that “this tilts the balance in favour of Microsoft’s Explorer”. That’s a ridiculous claim: in the browser war, this event will not move the needle one way or another. All it’s served to do is get much of the security community (which tends to favor openness) to jump on Fortify. Besides, while good theoretical arguments are made on both sides of the “security of open source versus closed source” debate, in practice it comes down to, well….practice. And it has been shown that one of the best practices is openness: whether closed or open source, an open and transparent disclosure process improves security over time.

I do agree with what Fortify’s Kirk says later, that “The important thing to stress, however, is the need for software security testing to identify and remove vulnerabilities from applications, rather than simply trying to block attacks on software by securing the network.”

Lesson #1: DO use these moments to offer constructive advice by raising awareness of issues and solutions.

Read more

Product managers must have the opportunity to be leaders

Advice to PMs about how to do their jobs better is valuable, up to a point. Inspire PMs to be stronger, better, faster. Delineate all the important contributions they might make. Arm them with advice on how to make these contributions. None of this guidance will have any substantial effect if PMs don't have the backing of their employers.

A prime example is PM's role in innovation. PMs are usually better positioned than anyone in a technology company to answer critical questions about innovation such as, Is this a good idea? If so, what's the market for it? Can we operate in this market? And so on.

Unfortunately, opportunity and reality don't always meet. Maybe the PM raises these questions, but can't get the answers. Or, the PM has the answers, but the organization isn't inclined to listen. Frequently, the innovation process—or, more accurately, the lack of process—doesn't give the PM the opportunity to ask and answer these questions at all, particularly as an idea gets momentum in the development cycle. (For instance, try pulling the plug on a CTO's pet notion, once development is underway.)

Leadership doesn't just happen, just as innovation doesn't just happen. Just look at the history of the US highway system.

Read more

Please Join My Video Research Agenda

Over the past three years I have increased my analysis of the video communications market as our clients curiosity about video has mounted.  I would like to invite you to continue this video research agenda with me by sharing your best and worst video experiences, but first some background.

Three years ago I published a report titled “Videoconferencing Rises Again” in which I predicted a rise in adoption and utilization of video conferencing.  In researching this report, I heard a great deal about the ways in which video improved processes as diverse as corporate training, product development, and field force management – Volume of Forrester Client Inquireis realted to Busienss Videoand the various video solutions that best served these processes.  These processes were better served using a new breed of video solutions that relied on high definition resolution (codecs and displays), dependable IP-based networks, and intuitive user interfaces.  Since then video conferencing deployments and utilization have risen again- - like the phoenix rising from the ashes.   

These technological enablers have been supported by the remarkable adoption of video in consumer and social networking solutions, giving rise to a ‘video-native’ generation entering the workforce.  In short order, Forrester clients have taken note and the number of our clients who have inquired about business video has nearly doubled each year as shown in this graph from my most recent video report titled “How Tech Strategists Can Ride The Coming Tidal Wave Of Business Video.”

Read more