Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Hidden IT Groups

Hidden IT Groups

What is a "Hidden IT Group"?

Within IT organizations, you will find there is a formal organization chart, with defined roles and responsibilities. These often form around functional areas like IT Operations, Application Development, Security or Portfolio Management, or Service Management. There are also hidden and invisible 'groups' that are defined by the traits and characteristics that the people share. While these groups might align to a formal organization in the org chart, they might not.

Why are hidden groups relevant

When you consider modern organizations and culture, often we organize into groups that share common values, culture, processes, language, standards, and norms. Understanding the culture and values of these groups is incredibly important when we try to connect with them and offer solutions to alleviate their pain points.

Trait Description
Values Some people may value innovation, while others value quality
Culture How people work may be different
Challenges They will perceive different challenges in their work
Thought leaders, analysts, & conferences They will follow and learn from different leaders
Tools the tools they choose will meet their specific needs
Processes, practices, and standards ITIL, CMMI, Agile, PMI, etc
Conflicts They may see things differently form other 'it groups')

IT Groups in enterprise IT/technology

In IT, there are several 'hidden groups' that describe groups of people and their shared values and common traits. While there are many possible 'IT Groups' to explore, the goal here is to offer a simple framework of the most typical and common divisions in order to understand their needs, goals, challenges and language.

Groups vs Personas

IT Groups 1.0

Hidden IT groups Organize Build / Develop Test Run Protect
Values On time, on budget, on track. Organization. Keeping the team focused on delivery for the business. Innovate and deliver cool new solutions as fast as possible, help the business compete with the best solutions to meet their needs. Quality is key, finding defects, protect users have a bad experience Uptime, performance, availability, efficiency. Keep it running with the lowest cost. Restore service as fast as possible. Avoid and recover from outages (disasters) Manage and minimize risks, protect our systems, data and business from cyber threats everywhere, inside and outside.
Culture Complex projects and programs, securing teams in a matrixed world to organize and deliver. Agile makes it difficult to predict future delivery. Collaborative and creative. Early adopters of new technology. Processes and traceability to double check that each release is suitable for production. Often view their role as guardians, protecting users from defects. Process oriented, often based on ITIL processes. People, process, technologies are a constant balancing act. The goal is to have enough of each. You can't be 100% secure, but need to have a layered approach to security. While security does introduce friction, the goal is to enable the business.
Typical titles Project Manager, Scrum Master, Product manager, Business Analyst Developer, architect, DBA, DevOps Lead, DevOps Engineer, DevTest QA Lead, Tester,Performance tester, Automation Tester, DevOps Lead?, DevOps Engineer, DevTest Sys Admin, Perf Monitoring, Incident Mgt, Release Mgr, SRE, DevOps Lead, DevOps Engineer Security Operations, Security Analyst, Application Security, Penetration Tester, others
Hidden IT Groups Organize Build / Develop Test Ops Protect
Tools they use PPM, Agile Portfolio Mgt, Project Management, Value Stream mgt, Requirements Mgt, SCM, Code Review, Code Quality, API Mgt, Architecture Mgt, Binary Repository, CI ALM, Quality Mgt, Test Automation, Perf Testing CD, Container Mgt, Cloud Mgt, ITSM, Service Desk, Incident Mgt, APM, App Security, Web App Firewall, SEIM?, SW Composition Mgt,
Process PMI, PMBOK, Prince2, SAFE, Earned Value, WBS CI, Agile, RUP, Pair Programing, Risk Based Testing, Traceability, TMMI, CMMI ITIL, Release Mgt, Change Mgt, Incident Mgt, Service Management COBIT, ISO
Challenges Complex projects and programs, securing teams in a matrixed world to organize and deliver. Agile makes it difficult to predict future delivery. Contributing to multiple projects, workstreams and systems. Supporting production and new development. Burdensome processes get in the way of delivering value. Complicated software changes that is hard to accurately test. Test environments that don't match production and keeping up with the rate of change from Dev Managing complex legacy infrastructure where business expects 24x7 at no cost, while developers want to make changes and break things. Stuff breaks for no reasons outside of your control. Expected to protect everything, but rarely involved in projects early or often enough. Frequently blamed for project delays and rework. Often late in SDLC, an isolated team, not included in developing new requirements, testing etc. From an operational standpoint, signal fatigue is a real problem.
Utopia Able to quickly prioritize business demand, initiate projects and organize resources to deliver on time and on budget. Visibility into execution helps to solve issues early. Able to focus on innovation and solving business problems. Responsive to change and not burdened by bureaucratic processes. They care about their software and the business value they deliver. Testable requirements and testable applications enable automated testing of every change identifies defects, enabling the QA team to focus on exploratory testing and edge cases. Changes never break SLAs, when problems happen, MTTR is rapid. Production infrastructure is easy to manage, scalable, efficient and available to support business demand. Self service enables day to day work and there are no snowflakes. Because security is never 100%, ideally, we would have both proactive and reactive capabilities. For example, application security and shifting left would be proactive measures, along with secure SDLC training for developers. On the reactive side, we have security operations and red teaming capabilities that catch what wasn't discovered earlier in the process. All of these capabilities need to be driven and governed by policy and process, and adequate technologies need to be deployed to ensure success.
Hidden IT Groups Organize Build / Develop Test Ops Protect
GitLab Stage Mapping Manage, Plan Create, part of Verify Verify, part of Plan Package, Release,Configure, Monitor Secure, Defend

- What about DevOps?

DevOps is a movement, bringing teams together to work across their group differences.

- What about Stages?

These hidden IT groups relate to one or many stages. See the above table.

- Are there other 'hidden groups'?

The closer you look at any of these macro groups, you might see 'sub groups' with in them. For example in the Run group, you might discover a service faction or an infrastructure/network faction. Or in the QA/Test group, you may find performance testing and devtest factions.

                                                                                             |