A few years ago, I made the transition from an IT Audit Manager in both public accounting and private industry to wearing a number of hats in an organization building software for auditors to plan, perform and document their work. As part of that transition, I made it a point to learn as much as I could about my new field, much as I would when going into a new client. In the process, I found two great resources which hold a wealth of knowledge for anyone in either of these two fields. And, instead of being tomes of methodology or standards, both of which I have the experience of reading and writing, these books are written as novels. As such, they are a very enjoyable way of gaining a great deal of career knowledge.
These two books are
And
Gene Kim, for those of you playing at home, was the author of Tripwire software while a grad student at Purdue, under one of the illuminati of IT security, Dr Gene Spafford. So, he understands issues of change management and compliance from the perspective of many of us from the IT audit world.
The Phoenix Project gives a high level view of how IT employees can think about the way they plan, schedule and complete work. It is about the importance of breaking down silos, both within IT and across an enterprise, to improve organizational agility in order to identify and break down constraints or bottlenecks, and as a result, increase quality and velocity and improve outcomes. It is important to have this view because as time has passed, we have seen IT being an appendage of a business to being the business, even when the product is not software.
The Unicorn Project covers the same story in many regards, but is updated for the years in between the publishing dates, but is from a developer's point of view.
The two books together give you a detailed look at the transition from a waterfall development process into Agile and the world of DevOps, from both sides of the transition. And this view can be applied to product development of all kinds, not just software. Whether you are in IT, Audit or other areas of an entity, one or both of those perspectives is going to bring you some very useful insights to how you view your role and your client, internal or external.
How useful are these books? When I was researching a little more about them, I found that folks such as Whatis.com, a division of Tech Target, use it as a learning tool for staff development.
After reading these books, I googled around about change management to see what has changed in the field since DevOps has now been around for a several years, driven in part by the Phoenix Project. I was amazed to see a number of articles still referencing the classic controls we looked for in change management back a decade or more. The control principles are still needed in this agile world, but how they are implemented and tested should vary quite a bit from change control boards and multiple levels of sign-offs. Take a read and think about how you might change what you do.
To get you started, here is a link a downloadable PDF excerpt from the Phoenix Project from the publisher, IT Revolution Press, an organization founded by Gene Kim.
Happy reading.
Tim Smith, ISACA San Diego Chapter Treasurer