Skip to main content

Posts

What is Agile and How Can I Use it Well?

I gave a talk at BSidesLV 2018 In the "Proving Ground" track for new speakers "What is Agile and How Can I Use it Well?" Are you a person who works with Agile developers? Are they driving you nuts? This presentation will explain the core tenets of Agile and how they apply to you, the security wonk. What you may not realize is that at its core Agile is about delivering a product, fast. Agile teams are focused on delivering a minimal viable product, getting feedback, and improving both the product and the process through iterative and continuous improvement. With a keen understanding of Agile forged in the trenches of large deployments, this presentation shows you how to effectively scale your team in order to have security be an integrated part of the Agile iterations. Slides: https://docs.google.com/presentation/d/1sCM5si8UxtOusDlBeecXudstDf9idDFQWadhLtMHPpg/edit#slide=id.p Be sure to read the speaker's notes! Video: https:// youtu
Recent posts

When Hiring (Job Posts)

I know this is not about Agile specifically but I wanted to share how I craft Job Posts when hiring, I would love to continue to improve my process. When writing a Job Post I do the following; Have boilerplate about the company itself. Yes, the candidate should dig more but you want them to want to apply and want to research. Describe the Role, where the department fits within the company, what the team/departments purpose is, and what normal activities the job will encompass. Indicate the type of person/passions which would work well List requirements , real requirements, this should be 5 or less, these should be demonstrable items Demonstrable - Upbeat attitude is not easy to demonstrate, for example Always have alternatives to a major! Great technical people can have humanities majors – i.e. use “or equivalent experience” List bonuses/ nice to have /additional items that a candidate would benefit by having Explain the benefits of the company (should be boilerplate tal

How do I find the Custom Field ID in Jira Cloud?

So you need to find the Custom Field ID in Jira Cloud. Perhaps you need the ID for a custom field to work on soem code, an API call or a script. How do you find it? You can find the ID in the URL when managing custom fields Jira - Settings - Issues - Fields - Custom Fields https://***.atlassian.net/secure/admin/ViewCustomFields.jspa Select "Edit" on the desired custom field .../admin/EditCustomField!default.jspa?id=12802 There you go! It is that number at the end of the URL Alternately, you can use ScriptRunner Jira - Setttings - Add-ons - Script Runner - Script Console and run the following def issueKey = '***-####' def result = get('/rest/api/2/issue/' + issueKey)         .header('Content-Type', 'application/json')         .asObject(Map) if (result.status == 200){     return result.body.fields } else {     return "Failed to find issue: Status: ${result.status} ${result.body}"

The dreaded "Clone" in Jira

Jira Cloud Scrum Teams Case: We clone template issues, as our work is repetitive, and get “clone” in the summary and it makes it hard to read. Built-In Jira allows you to remove "Clone" from the story you are cloning, but if you are also copying the sub-tasks there is not the option to remove it. There are ways to turn this off in Jira Server, but I could not find it in Jira cloud. Solution: Jira - Settings - Add-Ons - ScriptRunner - Escalation Service The Escalation Service called: Remove Clone In Summary As this user: (myself) Checked - enabled On this schedule: Every Hour For first 50 results returned by this query:  Project in (pipe) and Summary ~ "CLONE" Will run this code:  // check if issue.fields.summary looks like "CLONE -" def updatedSummary ="" if (issue.fields.summary.startsWith("CLONE -")) {     //if so, modify issue.fields.summary to not suck.     updatedSummary = issue.fields.summar

Jira - support tickets needing reporter sign off

Environment: Jira Cloud Agile Methodology: Kanban Situation: Support ticket flow Customers report an issue, issue is worked then placed in "Verify" to get sign off from original reporter issue is resolved. Customers (reporter) don’t always know what verify means.  The below script sends an introductory email explaining the status and our expectations. How? Workflow - Edit Transition - Post Function - ScriptRunner Post-Function - Send Notification Description: Email Reporter when ticket enters Verify Checked  - Enable Post function Condition Script Context: issue.fields.reporter != null Checked - Notify reporter Users: Groups: Subject: A Ticket You Opened Has Entered Verify Message Script Context: def fields = get('/rest/api/2/field')         .asObject(List)         .body as List<Map> """Dear ${issue.fields.reporter?.displayName}, The ${issue.fields.issuetype.name} ${issue.key} that you created has been moved to Ve

Jira Administration

Some things I have setup in Jira to make life better for me, with the way we work. Use Case 1: You should not close a story when sub tasks are not complete How? Jira - Workflow - Edit Transition Condition, before allowing a story to Status Category Done "All sub-tasks must have one of the following statuses to allow parent issue transitions:" (All done statuses) Use Case 2: You should not close a story until the blocker or impediment is resolved. How? Jira - Workflow - Edit Transition Condition, before allowing a story to Status Category Done "Value Field" The field Flagged will have to be not equal to value '"Impediment"'. Compared as String. Use Case 3: Set resolution when completing an item. Why? If no resolution is set some reports and metrics don't calculate correctly. How? Jira - Workflow - Edit Transition Done Post Function, Status Category = Done JMWE The value(s) of field Resolution of the current

Comparing Agile Methodologies

I tried to find a comparison of many of the popular Agile Framework methodologies, I couldn't find what I wanted but these came close: https://en.wikiversity.org/wiki/Agile_software_development#The_Need_for_Agile_methods http://www.eylean.com/Publications/DownloadPublication/4e93cecc-4cb2-4e3f-849d-810d7aea33a5?name=Whitepaper---Scrum-vs-Kanban-vs-Scrumban http://www.quotium.com/performance/comparison-of-key-methodologies-in-agile/ https://www.linkedin.com/pulse/scrum-vs-kanban-scrumban-petar-ilic I also found a thesis I want to read later: https://mro.massey.ac.nz/bitstream/handle/10179/515/02whole.pdf  https://www.researchgate.net/publication/221216002_Classification_and_Comparison_of_Agile_Methods