Within IT organizations, you will find there is a formal organization chart, with defined roles and responsibilities. These often form around functional areas like IT Operations, Application Development, Security or Portfolio Management, or Service Management. There are also hidden and invisible 'groups' that are defined by the traits and characteristics that the people share. While these groups might align to a formal organization in the org chart, they might not.
When you consider modern organizations and culture, often we organize into groups that share common values, culture, processes, language, standards, and norms. Understanding the culture and values of these groups is incredibly important when we try to connect with them and offer solutions to alleviate their pain points.
| Trait | Description |
|---|---|
| Values | Some people may value innovation, while others value quality |
| Culture | How people work may be different |
| Challenges | They will perceive different challenges in their work |
| Thought leaders, analysts, & conferences | They will follow and learn from different leaders |
| Tools | the tools they choose will meet their specific needs |
| Processes, practices, and standards | ITIL, CMMI, Agile, PMI, etc |
| Conflicts | They may see things differently form other 'it groups') |
In IT, there are several 'hidden groups' that describe groups of people and their shared values and common traits. While there are many possible 'IT Groups' to explore, the goal here is to offer a simple framework of the most typical and common divisions in order to understand their needs, goals, challenges and language.
| Hidden IT groups | Organize | Build / Develop | Test | Run | Protect |
|---|---|---|---|---|---|
| Values | On time, on budget, on track. Organization. Keeping the team focused on delivery for the business. | Innovate and deliver cool new solutions as fast as possible, help the business compete with the best solutions to meet their needs. | Quality is key, finding defects, protect users have a bad experience | Uptime, performance, availability, efficiency. Keep it running with the lowest cost. Restore service as fast as possible. Avoid and recover from outages (disasters) | Manage and minimize risks, protect our systems, data and business from cyber threats everywhere, inside and outside. |
| Culture | Complex projects and programs, securing teams in a matrixed world to organize and deliver. Agile makes it difficult to predict future delivery. | Collaborative and creative. Early adopters of new technology. | Processes and traceability to double check that each release is suitable for production. Often view their role as guardians, protecting users from defects. | Process oriented, often based on ITIL processes. | People, process, technologies are a constant balancing act. The goal is to have enough of each. You can't be 100% secure, but need to have a layered approach to security. While security does introduce friction, the goal is to enable the business. |
| Typical titles | Project Manager, Scrum Master, Product manager, Business Analyst | Developer, architect, DBA, DevOps Lead, DevOps Engineer, DevTest | QA Lead, Tester, Performance tester, Automation Tester, DevOps Lead?, DevOps Engineer, DevTest | Sys Admin, Perf Monitoring, Incident Mgt, Release Mgr, SRE, DevOps Lead, DevOps Engineer | Security Operations, Security Analyst, Application Security, Penetration Tester, others |
| Hidden IT Groups | Organize | Build / Develop | Test | Ops | Protect |
| Tools they use | PPM, Agile Portfolio Mgt, Project Management, Value Stream mgt, Requirements Mgt, | SCM, Code Review, Code Quality, API Mgt, Architecture Mgt, Binary Repository, CI | ALM, Quality Mgt, Test Automation, Perf Testing | CD, Container Mgt, Cloud Mgt, ITSM, Service Desk, Incident Mgt, APM, | App Security, Web App Firewall, SEIM?, SW Composition Mgt, |
| Process | PMI, PMBOK, Prince2, SAFE, Earned Value, WBS | CI, Agile, RUP, Pair Programing, | Risk Based Testing, Traceability, TMMI, CMMI | ITIL, Release Mgt, Change Mgt, Incident Mgt, Service Management | COBIT, ISO |
| Challenges | Complex projects and programs, securing teams in a matrixed world to organize and deliver. Agile makes it difficult to predict future delivery. | Contributing to multiple projects, workstreams and systems. Supporting production and new development. Burdensome processes get in the way of delivering value. | Complicated software changes that is hard to accurately test. Test environments that don't match production and keeping up with the rate of change from Dev | Managing complex legacy infrastructure where business expects 24x7 at no cost, while developers want to make changes and break things. Stuff breaks for no reasons outside of your control. | Expected to protect everything, but rarely involved in projects early or often enough. Frequently blamed for project delays and rework. Often late in SDLC, an isolated team, not included in developing new requirements, testing etc. From an operational standpoint, signal fatigue is a real problem. |
| Utopia | Able to quickly prioritize business demand, initiate projects and organize resources to deliver on time and on budget. Visibility into execution helps to solve issues early. | Able to focus on innovation and solving business problems. Responsive to change and not burdened by bureaucratic processes. They care about their software and the business value they deliver. | Testable requirements and testable applications enable automated testing of every change identifies defects, enabling the QA team to focus on exploratory testing and edge cases. | Changes never break SLAs, when problems happen, MTTR is rapid. Production infrastructure is easy to manage, scalable, efficient and available to support business demand. Self service enables day to day work and there are no snowflakes. | Because security is never 100%, ideally, we would have both proactive and reactive capabilities. For example, application security and shifting left would be proactive measures, along with secure SDLC training for developers. On the reactive side, we have security operations and red teaming capabilities that catch what wasn't discovered earlier in the process. All of these capabilities need to be driven and governed by policy and process, and adequate technologies need to be deployed to ensure success. |
| Hidden IT Groups | Organize | Build / Develop | Test | Ops | Protect |
| GitLab Stage Mapping | Manage, Plan | Create, part of Verify | Verify, part of Plan | Package, Release, Configure, Monitor | Secure, Protect |
DevOps is a movement, bringing teams together to work across their group differences.
These hidden IT groups relate to one or many stages. See the above table.
The closer you look at any of these macro groups, you might see 'sub groups' with in them. For example in the Run group, you might discover a service faction or an infrastructure/network faction. Or in the QA/Test group, you may find performance testing and devtest factions.
|