Wednesday, November 03, 2021

Quotes from The Art of Software Development - James Shore

  • It is difficult to imagine how software will work even before we begin using it. 
  • It is harder to think of absolutely everything your software needs to do. (We cannot specify all the requirements upfront.) That is, requirements are emergent. 
  • Core concepts of Agile are:
    • Rely on people: 
      • Trust people
      • Put decisions in their hands
      • Base your work on healthy collaborative relationships
    • Deliver Value frequently
      • Experiment
      • Seek feedback
      • Use feedback to improve your product
    • Eliminate waste:
      • Work in small increments.
      • Embrace possibility of failure
      • Others are 
        • Problems due to wait time
        • Lack of knowledge
        • Time consuming daily stand ups
        • Lengthy planning and other meetings
        • Manual regression takes a long time
    • Seek technical excellence:
      • Start simple, add complexity only in response to needs. 
      • Create systems that are easy to evolve
The road to agile mastery - Shu Ha Ri



Tuesday, November 02, 2021

Sprint goal

The sprint goal ties up to the product goal, which in turn aligns with the product strategy, which aligns with the product vision. 

Sprint goal >> Product Goal >> Product Strategy >> Product Vision >> Company Vision

Image courtesy: Roman Pichler.

Sprint goal: is a brief explanation of what the team plans to achieve during the course of an Agile sprint. 

There HAS to be a single sprint goal on which the team focuses all its energies and which it tries to achieve by the end of the iteration. However, a common antipattern is for teams to have multiple sprint goals, as a summary of all the assorted pieces of work the team may be working on. 

Having a single goal

Having a single goal forces you to pull user stories that are aligned to the finely-grained product area (Allen Holub). This also means you may be working on some lower-value stories just because they are aligned. That leaves lots of high-value work items in the backlog simply because they are unrelated to the Single Goal. 

Product goal: describes the future state of the product. It is a long-term objective towards which the Scrum team works. 

Product goal is best used to describe a specific or a measurable benefit or outcome a product should create in the course of say next two to six months.

Example: acquire users, increase conversion rate, generate revenue, reduce technical debt, etc. 


Wednesday, October 27, 2021

Product Development - Infinite Game [Adapted from Bala @LinkedIn]

 Product Development is an infinite game (according to Glenda Eoyang)

  • It needs a long-lived, perennial value stream.
The rules of this infinite game are:

1. Inquiry
2. Adaptive Action

Inquiry

Answers have short shelf-life. Stick with the questions, therefore the focus on inquiry. The ability to continuously stand in inquiry is a core skill for working effectively in complex contexts.

The four simple rules for inquiry:

- Turn judgement into curiosity
- Turn disagreement into shared exploration
- Turn defensiveness into self-reflection
- Turn assumptions into questions

Adaptive Action

Adaptive Action is an elegant and powerful method for engaging with dynamical change in an ever-emerging, always self-organising world.



The three questions we have to pose are:
  1. What?
  2. So what?
  3. Now what?

Wednesday, October 13, 2021

Basel Norms


 Basel Norms - Basel 1, 2, 3
  • These are norms, not mandates. However since all the international banks are integrated, it is advisable to follow the Basel norms.
  • BIS - Bank for International Settlements. (Is the Bank of Central Banks).
Some key definitions
  1. Tier 1 Capital (Core capital), is made up of
    1. Paid up capital: When we start a company, our own funds we pump in are called Paid Up Capital.
    2. Statutory reserves: Reserves that keep you solvent. (If we maintain the statutory reserve, the cost of insurance will be less.)
    3. Disclosed reserves: Say if profit is 50 lakhs, companies disclose a part of that profit and keep a part of it as Undisclosed Reserves. The disclosed part of it is called Disclosed Reserves.
  2. Tier 2 Capital (Supplementary capital) is made up of 
    1. Undisclosed reserves: The undisclosed part (above) is called Undisclosed Reserves.
    2. Preference shares: Shares of Preferred Shareholders are called Preference Shares. Normal shares are of least priority.
    3. Subordinate debt: e.g. MBS (Mortgage Backed Security).
Upon liquidation of a company, order of preference (of money disbursement) will be

- Bond holder (debt), for example FD holder
- Subordinate debt
- Preferential shareholder
- Ordinary shareholder

Types of Risk
  • Credit risk: 
    • Giving a credit carries some risk
      • Giving a loan with no mortgage - huge risk
      • Giving a loan to Govt of India - no risk
      • Giving a housing loan - some risk
      • Giving a car loan - more risk
  • Market risk: 
    • This risk arises from the market in which a company operates. For example, if the interest rate grows exponentially, what will be the impact on bank operations? 
    • If exchange rate grows, say USD = 90 INR, then what will be its impact on the bank operations?
  • Operational risk: 
    • This risk arises from the environment in which a bank operates. Floods, fires, hacking, frauds etc. are all externalities that banks have to deal with and that impact their operations. 
Basel I
  • Only credit risk was considered.
  • There's no difference between the various kinds of debtors. Say a bank has not created a risk profile of its various debtors - Vijay Mallya, Sahara Group, IndiGo, Infosys, etc. Each debtor carries a different kind of risk.
  • In India, for individuals we have CIBIL and for companies we have CRISIL.
Basel II
  • Considered all risks (Credit, Market, Operational - CMO)
  • Capital Adequacy Ratio, CAR = 8%. The capital adequacy ratio (CAR) is a measure of how much capital a bank has available, reported as a percentage of a bank's risk-weighted credit exposures. 
  • Capital is a measure of the financial cushion available to an institution to absorb any unexpected losses it experiences in running its business. For banks losses could be loan defaults; for insurers it could be a huge number of claims in the event of natural disasters. 
  • Risk-weighted assets are the loans and other assets of a bank, weighted (that is, multiplied by a percentage factor) to reflect their respective level of risk of loss to the bank. For example, mortgages secured by residential property are generally considered. The greater the amount of higher risk assets and loans that a bank has, the higher its risk-weighted assets, and therefore, the higher the amount of capital the bank must have in order to meet APRA’s minimum capital adequacy ratios.

    • For Tier I it is 4%
    • For Tier II it is 4%
Basel III (New features have been added...)
  • Widened the scope of operational risk. 
  • Disclosure, that is, the bank needs to show more information:
    • To shareholders
    • To the reserve bank
    • To market
  • Better capital quality (Now Tier I is 6%, compared to 4% previously).
  • Counter Cyclical Buffer (CCB)
    • The countercyclical capital buffer (CCyB) was one of the measures designed to improve the resilience of the global banking system following the global financial crisis (GFC). It is a bank capital buffer that can be raised or lowered by jurisdictions depending on the level of risk in the financial system.
    • During BOOM, there is an oversupply of money in the market, and consequently inflation will rise. Banks cut down the money supply through various measures to bring down inflation. 
    • During RECESSION, 

Tuesday, October 12, 2021

Basel 1, 2, 3

 

BASEL I
=======
  • Issued in 1998
  • Focuses on Credit Risk and Risk Weighting of Assets
  • Assets of banks are classified into 5 groups according to credit risk:
    • 0%: (for example cash, bullion, home country debt like Treasuries)
    • 20%: (securitisations such as mortgage-backed securities (MBS) with the highest AAA rating)
    • 50%: (municipal revenue bonds, residential mortgages)
    • 100%: (for example, most corporate debt)
    • No Rating: 

Tuesday, October 05, 2021

Agile problems with AAG

Like most other companies, AAG too has been on the path to Enterprise Agility for several years, which is quite evident in the ways of working (Purple) of teams. Most teams have some sort of autonomy, are multi-skilled (full stack developers at least), and the deployment releases are fairly regular (with excellent CI/CD tool usage) and predictable. The feedback from the business too has been early, and adds value to the unit of work delivered. Encouragingly, it's a fairly widespread phenomenon, unlike in other companies where excellence is limited to certain pockets. 

While those are the positives, the negatives aren't too few, nor something that can be disregarded. Here I list some of the things that could still be improved with intent, right mindset and responsible leadership.

  1. Lack of demand funnel. 
  2. Program level prioritisation is a cowboy-style individual feat (in that the heavyweights have significant say) rather than a collective exercise.
  3. Leadership may not be democratic and likely non-aligned with goals and aspirations of teams.
  4. Constant team flux, changes, team-movement.
  5. Frequent ways of working model changes. 
  6. Poorly defined feedback mechanisms for contractors. 
  7. Perception-based judgements. 
  8. Over-reliance on business analysts who double up as iteration managers.
  9. Not an open culture in some teams, and fear lurking on the flanks with respect to team bigwigs. 
  10. Last but not the least, Business agility is still in the stone age.

Monday, September 27, 2021

Pre-planning, sprint planning, Elaboration sessions

 

  • Planning event

    • Go through in-flight user stories, check what statuses they are in, whether they can be completed in the current sprint, which ones need to be carried over to the next sprint.

  • Daily stand up

    • Each associate plans for the current day

    • Dependencies if any

    • What help is required from the team

    • Anything else that needs discussion.

    • What bugs are there, why, what happens, etc. etc.

  • 2 Catch ups with BAs every week - Backlog refinement (No elaboration sessions)

  • Three Amigos

    • PO

    • Developer

    • Tester

    • Outcome is a clear understanding of the functionality to be delivered.

    • Clear acceptance criteria.

    • Documented test scenarios.

    • Should happen as soon as a developer picks up a user story from sprint backlog.


  • User Story Handover meeting

    • Explain what the user story is (after three amigos).

    • What the acceptance criteria are

    • What testing is required

    • Any other questions / queries around the functionality.

    • User story points


  • Sprint review / showcase

  • Retro event


What is expected →


SPRINT PLANNING


Planning itself can be split into three activities:


  • Pre-planning / backlog grooming

    • Who - PO, SM, BA and key team members

    • When - mid sprint

    • What

      • 10 to 15% of time

      • Add new epics and user stories

      • Extract stories from existing epics (refinement).

      • Estimate effort in T-shirt sizing

      • PO identifies candidate user stories (based on priority) for the next sprint.

      • Team helps PO prioritize / re-prioritize based on tech feasibility.

  • Sprint planning

    • Who - PO and entire team

    • When - beginning of every sprint

    • What

      • PO and team negotiate on which user stories will be tackled in the sprint

      • Time boxed to 2-4 hours

      • PO describes highest priority features to the team

      • Team may split user stories to tasks

      • PO answers questions, clarifies acceptance criteria and may renegotiate.

      • Team sizes user story in story points.

      • Result is 

        • A SPRINT GOAL

        • A SPRINT BACKLOG

  • Elaboration session

    • Who - PO, Developer, Tester

    • When - addressed progressively at various points in the sprint.

    • What

      • Big user stories are progressively broken down into finer user stories and filled up with more details. 

      • Elab ensures that unanswered questions are answered.


Tuesday, September 21, 2021

Scrum Drawbacks (Based on Blackblot post)

 https://medium.com/blackblot/product-management-and-the-2020-scrum-guide-free-at-last-eea0287d24db

  • Scrum guide is intentionally unclear and incomplete (lacks methodological guidelines / foundation rules). Therefore one is forced to interpret terms and meanings. 
  • Vagueness makes it possible to interpret scrum differently to fit different people's situations and opinions. Allows people to generate any scrum interpretation they want to agree with. 
  • This vagueness has created an entire commercial industry around scrum, selling frameworks / scaled models. 
  • Because of above, Scrum cannot be judged as wrong or right. Every interpretation appears okay within its own context.
  • Absence of guidelines leads people to count a particular term in the scrum guide hoping that a higher frequency of a term would mean something. 
  • None of the Scrum guides explain how Scrum views or defines value, what product management is, nor how value is tied to the product manager role or product management.

Friday, September 17, 2021

Big Data

What is Big Data?

Extremely large data sets that may be analysed computationally to reveal patterns, trends, and associations, especially relating to human behaviour and interactions.


Characteristics of Big Data
  1. Volume
  2. Velocity
  3. Variety
  4. Variability
  5. Veracity
  6. Visualisation
  7. Value

Tuesday, September 14, 2021

Tools & Technologies I have used in latest project

  • VMware
  • IntelliJ
  • Ubuntu
  • Linux Scripts
  • GitHub
  • Jenkins
  • SCTP
  • IBM BPM
  • XSLT
  • XML
  • XPath
  • Java
  • Drools
  • Rancher

Types of testing I have done in projects

  • Test automation / regression testing
  • Functional Testing
  • Business Rules Testing
  • Testing Technical User Stories (database upgrade, Java upgrade, etc.)
  • Blue-Green testing
  • Negative testing
  • Exploratory testing
  • Smoke testing (Automated - test things we expect to work).
  • Performance testing - out of scope
  • Security testing
  • API testing

Tuesday, July 20, 2021

API Verbs

API Verbs
  • Get
  • Post
  • Put
  • Delete
API Terminology
  • Idempotency: In the context of REST APIs, an operation is idempotent when making multiple identical requests has the same effect as making a single request. The API supports idempotency for safely retrying requests without accidentally performing the same operation twice. This is useful when an API call is disrupted in transit and you do not receive a response. For example, if a request to create a charge does not respond due to a network connection error, you can retry the request with the same idempotency key to guarantee that no more than one charge is created.
  • Safety: The action does not have any effect on the state. For example, a GET action. 
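
The retry-with-the-same-key behaviour described above, as an added example (not code from any particular API): a toy in-memory charge service that stores the first response per idempotency key and replays it on retry. The class, key names, sample payload and the 422 response for a reused key with a different body are all assumptions made for illustration.

```python
import hashlib
import json


class ChargeService:
    """Toy charge API that honours an idempotency key (constructed for illustration)."""

    def __init__(self):
        self.charges = []    # side effects actually performed
        self._seen = {}      # idempotency key -> (request fingerprint, stored response)

    @staticmethod
    def _fingerprint(payload):
        # Canonical JSON so the same logical request always hashes the same.
        blob = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(blob.encode()).hexdigest()

    def create_charge(self, idempotency_key, payload):
        fp = self._fingerprint(payload)
        if idempotency_key in self._seen:
            stored_fp, stored_response = self._seen[idempotency_key]
            if stored_fp != fp:
                # Same key, different body: refuse rather than guess which was meant.
                return {"status": 422, "error": "idempotency key reused with different payload"}
            return stored_response          # replay: no new side effect
        charge = {"id": f"ch_{len(self.charges) + 1}", **payload}
        self.charges.append(charge)
        response = {"status": 201, "charge": charge}
        self._seen[idempotency_key] = (fp, response)
        return response


def retry_demo():
    """Client sends a charge, 'loses' the response, and retries with the same key."""
    svc = ChargeService()
    body = {"amount": 1999, "currency": "usd", "customer": "cust_constructed_1"}
    first = svc.create_charge("key-constructed-0001", body)   # response lost in transit
    retry = svc.create_charge("key-constructed-0001", body)   # safe retry
    tampered = svc.create_charge("key-constructed-0001", {**body, "amount": 5})
    fresh = svc.create_charge("key-constructed-0002", body)   # new key => new charge
    return svc, first, retry, tampered, fresh


if __name__ == "__main__":
    svc, first, retry, tampered, fresh = retry_demo()
    print(len(svc.charges), first == retry, tampered["status"], fresh["charge"]["id"])
```

Binding the key to a fingerprint of the request body matters for security as well as correctness: without it, a replayed key could be used to fetch the stored response for a request the caller never made.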

API Economy

 Is the way APIs can positively impact an organization's profitability.

Simple API Request

 


API Mottos - IBM

 

  • APIs should be treated like any other product. 
  • They need a carefully defined life cycle and governance model to enforce that life cycle
  • APIs must be carefully crafted so they’re attractive to the intended consumer, so that the API “sells” (not literally).


Monday, June 07, 2021

PSM Sources

6 Reason to choose Agile Project Management over Traditional Project Management - https://lnkd.in/gNUcD5a

Monday, May 31, 2021

Penetration Testing Payloads

https://github.com/payloadbox

  • SQL Injection Payload
    • SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
  • XSS Payload
  • XXE Payload
  • Command Injection Payload
  • Open-redirect Payload
  • RFI-LFI Payload
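
Why SQL injection exposes "information that was not intended to be displayed", shown from the defender's side as an added example (not taken from the linked repository): the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. Table, column and function names and the sample input are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: two users, each with a private note.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice private note"), ("bob", "bob private note")])
    return db


def notes_vulnerable(db, owner):
    # User input is pasted into the SQL text, so it can change the query's structure.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(query)]


def notes_parameterized(db, owner):
    # The placeholder sends the input as data only; it is never parsed as SQL.
    rows = db.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


def compare(owner):
    """Run both versions on the same input and return (vulnerable, parameterized)."""
    db = make_db()
    return notes_vulnerable(db, owner), notes_parameterized(db, owner)


if __name__ == "__main__":
    # Constructed inputs: a normal owner name, then one containing a quote.
    for value in ("alice", "alice' OR '1'='1"):
        leaked, safe = compare(value)
        print(repr(value), "concatenated:", leaked, "parameterized:", safe)
```

With the quoted input, the concatenated query returns every user's note while the parameterized query returns nothing, because no owner has that literal name.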
