Fiction writers I've met have said that the hardest section of a novel to write is not the beginning or ending but everything that happens in between. The middle chapters trace the course of the protagonist's struggle in way that must be both engaging and credible. The story of how people adopt Agile successfully also has a beginning, middle, and end. The middle part here, too, poses some of the most difficult challenges. The first chapter is a grabber, with teams energetically and fervently doing daily stand-ups, blazing through sprints, christening a product owner, prioritizing their backlogs, and living through all the other exciting events that happen at the very beginning.

And then the plot takes a different turn. Success at the small team level is fantastic, but how do you fit into a development organization? What if you need to work with an offshore team? How do you maintain velocity when builds take several hours or maybe even a full day? Is it possible to deal with compliance requirements without a significant amount of automation? How do you work better with the ops team so that the speed of deployment matches the speed of development?

Since Agile went mainstream, the number of teams reaching the difficult middle chapters of Agile adoption has increased markedly. Both I and my colleague Dave West answer questions about the middle phases every day. Many of these questions also arise during the yearly conference that the Agile Alliance holds in the US. (This year, it's in Salt Lake City to mark the tenth anniversary of the signing of the Agile Manifesto in nearby Snowbird.)

Now that Agile has moved into the mainstream, it is encountering a whole new raft of challenges, including compliance. The word on the street for at least the past couple of years is that trying to be Agile and satisfy regulatory requirements is a lot like juggling chainsaws and machetes: theoretically possible but certainly not advised.

Fortunately, the word on the street is nearly always wrong. When I started interviewing people who had made Agile succeed in highly regulated environments, I expected to hear a lot of handy best practices that I could synthesize into a research document — essentially, a tactical guide to compliance. If you're a medical device company and you need to document six ways from Sunday how you validated and verified the software embedded in a new device, here's what you might do. If you need to deal with the auditors, here's where an investment in an application life-cycle management (ALM) tool might help. 

Although this type of research depends on interviews, it's worth taking a peek at the available survey data to see if it has any additional insights. And boy howdy, am I glad I did. Sifting through the data collected in the survey that Forrester did in conjunction with Dr. Dobb's Journal, I found the first of two big surprises about Agile and compliance:

Agile adoption in the most regulated industries is not significantly different from the adoption rate everywhere else.

Practically everyone who visits the Vatican stops to take a picture of the Swiss Guards. Ditto for the Queen's Guard at Windsor Castle, the Royal Life Guards at Rosenborg Castle in Copenhagen, and the Evzones at Greece's Tomb of the Unknown Soldier. Those multicolored uniforms may not have a place on the modern battlefield, where camouflage is far more important than panache, but they do attract the tourists.

If, by this measure, these ceremonial units have some value (albeit none militarily), why not have more of them? You could post the newly created Sartorial Guard at tourist locations that haven't been attracting enough foot traffic lately. And who knows, they might even attract more recruits into the real military. (Though I'm not sure what the career path is once you've held the rank of Feldweibel in the Swiss Guards.)

Obviously, I'm not being serious. Once you start manufacturing new ceremonial units, you cheapen the brand. You don't need more than one as a "loss leader" in the military, and there's no need to get the people who actually fight up in arms. Figuratively, that is.

Here's why managing a portfolio is critical for managing products. It wouldn't be hard to find some enterprising "champion" for a new Swiss Guards-ish unit who was willing to sew the uniforms and stand around looking fierce. (We call them re-enactors, and we don't put them on the public payroll.) No matter how much attention they attract, they'll still be a failure from a national perspective.

Last year, colleague Mary Gerush and I wrote overviews of the requirements tools market, noting how it was segmenting to address different problems. (Click here and here for the two studies.) Application lifecycle management (ALM) tools may be undergoing the same evolution, forcing us to accept either a much larger definition of ALM, or several specializations within ALM.

In the requirements market, new tools, or new emphases among tools, were a sure sign that some kind of change was afoot. Several years ago, visualization tools were not only absent from the list of requirements tool capabilities, they were almost completely unknown. Now, any list of requirements capabilities that omits visualization would be incomplete. Several years ago, requirements management was the emphasis of these tools. Now, much of the interesting innovation is happening in requirements collection.

[For the first part in this series, click here.]

Recently, I spoke with a major airline about their adoption of Agile, which they considered critical for a major customer loyalty project. Based on previous experience, the dev team expected the business users involved in this project to move slowly, so they saw Agile as a strategy for being ready to pounce on any opportunity to make progress. How slowly? The current estimation for the project's completion was....[drumroll]...five years. Now that's a customer loyalty program ensured to be left with just the most loyal customers imaginable.

As hair-raising a situation as this might be, it's hardly unique. App dev teams contributing embedded software elements to hardware products must time their deliverables to arrive at key landmarks in the overall release schedule. Compliance requirements weigh down software development with extra documentation and validation. Flawed requirements force teams to go back to the drawing board. Dev managers live and die by the schedule, and there's always something that could jeopardize the schedule. Development is pretty pointless unless someone delivers the bits and bytes, but dev ops still remains a relatively mysterious and unpredictable process for dev teams, over which they have little control once they throw their code over the wall.