Subscribe to Methods & Tools
if you are not afraid to read more than one page to be a smarter software developer, software tester or project manager!
Software Development Blogs: Programming, Software Testing, Agile Project Management
Subscribe to Methods & Tools
if you are not afraid to read more than one page to be a smarter software developer, software tester or project manager!
Iâve put together a massive collection of the best-of-the-best blogging resources so they are at your fingertips:
Itâs a serious collection of blogging resources including:
And by serious, I mean serious. Itâs a hard-core collection of some of the best blogging resources that will help you succeed where others fail.
I will continue to add blogging resources, but you will already find a treasure trove of great articles, books, podcasts, videos and more to help you start your blog, improve your blog, or bring an old blog back to life.
I help a lot of people start blogs. I shave years of potentially painful lessons off of their learning curve, so they can get started doing more of what they love, avoid some of the many pitfalls, and build a blog they love (if it feels like a chore, youâre doing it wrong.)
If you havenât already started a blog, this might be just the resource roundup you need to help you get started and to help you leap frog ahead.
There are lots of reasons why you might start a blog, if you haven't already. Maybe you want to start a movement. Maybe you want to land your next dream job. Maybe you want to make friends around the world. Maybe you want to explore your creativity. Maybe you want to launch a writing career and build your next book. Maybe you want to build an online business, one post at a time.
The thing that I try to teach people is that working on your blog, is working on your life. You learn a lot about your personal productivity, your values, your ability to ship ideas, your ability to connect with people, and ultimately, what you want to spend more time doing. A blog is a great way to build a personal platform for giving your best, where you have your best to give in the service for others.
And if you monetize your blog, and if you master creating and capturing value, it can be one of the smartest ways to combine passion and profit. The key to keep in mind is, do what you would do for free, but blend it with doing what people will pay you for, in a way that uses your unique strengths, makes you come alive, adds value, and helps change the world in your way.
Everybody has ideas. Some share them. Some shape them. Some ship them. Some productize them. Some let them die.
Put a little dent in the universe, a post at a time.
"No one can whistle a symphony. It takes a whole orchestra." â H.E. Luccock
Being an effective program manager at Microsoft means knowing how to make things happen. While being a program manager requires a lot more than project management, project management is still at the core.
Project management is the backbone of execution.
And execution is tough. But execution is also the breeding ground of results. Execution is what separates many teams and individuals from the people who have good ideas, and the people that actually ship them. Great ideas die on the vine every day from lack of execution. (Lack of execution is the same way great strategies die, too.)
If you want to learn the art and science of execution, here is a handful of books that have served me well:
Well, there you have it. Thatâs my short-list of project management books that really have made a difference and that can really help you be a more effective program manager or project manager (or simply build better project management skills.)
Too many people are still working on ineffective projects, getting lackluster results, slogging away, and doing too much âpushâ and not addressing nearly enough of the existing âpullâ thatâs already there.
These are the project management books that build real competence.
And where competence grows, confidence flows.
âAmateurs sit and wait for inspiration, the rest of us just get up and go to work.â â Stephen King
The ultimate personal productivity platform is you.
Letâs just put that on the table right up front so you know where personal productivity ultimately comes from. Itâs you.
I canât possibly give you anything that will help you perform better than an organized mind firing on all cylinders combined with self-awareness.
You are the one that ultimately has to envision your future. You are the one that ultimately has to focus your attention. You are the one that ultimately needs to choose your goals. You are the one that ultimately has to find your motivation. You are the one that ultimately needs to manage your energy. You are the one that ultimately needs to manage your time. You are the one that ultimately needs to take action. You are the one that needs to balance work and life.
Thatâs a lot for you to do.
So the question isnât are you capable? Of course you are.
The real question is, how do you make the most of you?
Agile Results is a personal productivity platform to help you make the most of what youâve got.
Agile Results is a simple system for getting better results. It combines proven practices for productivity, time management, and motivation into a simple system you can use to achieve better, faster, easier results for work and life.
Agile Results works by integrating and synthesizing positive psychology, sport psychology, project management skills, and peak performance insights into little behavior changes you can do each day. Itâs also based on more than 10 years of extensive trial and error to help people achieve high performance.
If you donât know how to get started, start simple:
Ask yourself the following question: âWhat are three things I want to achieve today?â
And write those down. Thatâs it.
Youâre doing Agile Results.
âThe questions that we must ask ourselves, and that our historians and our children will ask of us, are these: How will what we create compare with what we inherited? Will we add to our tradition or will we subtract from it? Will we enrich it or will we deplete it?â
â Leon Wieseltier
Digital transformation is all around us.
And we are all digital employees according to Gartner.
In the article, Gartner Says Every Employee Is a Digital Employee, Gartner says that the IT function no longer holds a monopoly on IT.A Greater Degree of Digital Dexterity
According to Gartner, employees are creating increasing digital dexterity from the devices and apps they use, to participating in sharing economies.
"'Today's employees possess a greater degree of digital dexterity,' said Matt Cain, research vice president at Gartner. 'They operate their own wireless networks at home, attach and manage various devices, and use apps and Web services in almost every facet of their personal lives. They participate in sharing economies for transport, lodging and more.'"Workers are Streamlining Their Work Life
More employees are using technology to simplify, streamline, and scale their work.
"This results in unprecedented numbers of workers who enjoy using technology and recognize the relevance of digitalization to a wide range of business models. They also routinely apply their own technology and technological knowledge to streamline their work life."3 Ways to Exploit Digital Dexterity
According to Gartner, there are 3 Ways the IT organization should exploit employees' digital dexterity:
While itâs happening organically, IT can also help shape the digital workplace experience. Implement a strategy that helps workers use computing resources in a more friction free way and that play better with their pains, needs, and desired outcomes.
âMaking computing resources more accessible in ways that match employees' preferences will foster engagement by providing feelings of empowerment and ownership. The digital workplace strategy should therefore complement HR initiatives by addressing and improving factors such as workplace culture, autonomous decision making, work-life balance, recognition of contributions and personal growth opportunities.â2. Embrace shadow IT
Treat shadow IT as a first class citizen. IT should partner with the business to help the business realize itâs potential, and to help workers make the most of the available IT resources.
âRather than try to fight the tide, the IT organization should develop a framework that outlines when it is appropriate for business units and individuals to use their own technology solutions and when IT should take the lead. IT should position itself as a business partner and consultant that does not control all technology decisions in the business.â3. Use a bimodal approach
Traditional IT is slow. Itâs heavy in governance, standards, and procedures. It addresses risk by reducing flexibility. Meanwhile, the world is changing fast. Business needs to keep up. Business needs fast IT.
So whatâs the solution?
Bimodal IT. Bimodal IT separates the fast demands of digital business from the slow/risk-averse methods of traditional IT.
âBimodal IT separates the risk-averse and âslowâ methods of traditional IT from the fast-paced demands of digital business, which is underpinned by the digital workplace. This dual mode of operation is essential to satisfy the ever-increasing demands of digitally savvy business units and employees, while ensuring that critical IT infrastructure and services remain stable and uncompromised.â
Everyone has technology at their fingertips. Every worker has the chance to re-imagine their work in a Mobile-First, Cloud-First world.
With infinite compute, infinite capacity, global reach, and real-time insights available to you, how could you evolve your job?
You can evolve your digital work life right under your feet.You Might Also Like
âCourage doesn't always roar. Sometimes courage is the little voice at the end of the day that says I'll try again tomorrow.â -- Mary Anne Radmacher
Imagine if you could wake up productive, where each day is a fresh start. As you take in your morning breath, you notice your mind is calm and clear.
You feel strong and well rested.
Before you start your day, you picture in your mind three simple scenes of the day ahead:
In the morning, you see yourself complete a draft youâve been working on.
In the afternoon, you see yourself land your idea and win over your peers in a key meeting.
In the evening, you see yourself enjoying some quiet time as you sit down and explore your latest adventures in learning.
With an exciting day ahead, and a chance to rise and shine, you feel the day gently pull you forward with anticipation.
You know youâll be tested, and you know some things wonât work out as planned. But you also know that you will learn and improve from every setback. You know that each challenge you face will be a leadership moment or a learning opportunity. Your challenges make you stronger.
And you also know that you will be spending as much time in your strengths as you can, and that helps keeps you strong, all day long.
You motivate yourself from the inside out by focusing on your vision for today and your values. You value achievement. You value learning. You value collaboration. You value excellence. You value empowerment. And you know that throughout the day, you will have every chance to apply your skills to do more, to achieve more, and to be more.
Each task, or each challenge, is also a chance to learn more. From yourself, and from everyone all around you. And this is how you never stop learning.
You may not like some of the tasks before you, but you like the chance to master your craft. And you enjoy the learning. And you love how you get better. With each task on your To-Do list for today, you experiment and explore ways to do things better, faster, and easier.
Like a productive artist, you find ways to add unique value. You add your personal twist to everything you do. Your twist comes from your unique experience, seeing what others canât see from your unique vantage point, and applying your unique strengths.
And thatâs how you do more art. Your art. And as you do your art, you feel yourself come alive. You feel your soul sing, as you operate at a higher level. As you find your flow and realize your potential, your inner-wisdom winks in an approving way. Like a garden in full bloom on a warm Summerâs day, you are living your arĂȘte.
As your work day comes to an end, you pause to reflect on your three achievements, your three wins, for the day. You appreciate the way you leaned in on the tough stuff. You surprised yourself in how you handled some of your most frustrating moments. And you learned a new way to do your most challenging task. You take note of the favorite parts of your day, and your attitude of gratitude feels you with a sense of accomplishment, and a sense of fulfillment.
Fresh and ready for anything, you head for home.
Try 30 Days of Getting Results. Itâs free. Surprise yourself with what youâre capable of.
"What lies behind us and what lies before us are small matters compared to what lies within us. And when we bring what is within us out into the world, miracles happen." -- Ralph Waldo Emerson
I've written about 30 Day Sprints before, but it's time to talk about them again:
30 Day Sprints help you change yourself with skill.
Once upon a time, I found that when I was learning a new skill, or changing a habit, or trying something new, I wasn't getting over that first humps, or making enough progress to stick with it.
At the same time, I would get distracted by shiny new objects. Because I like to learn and try new things, I would start something else, and ditch whatever else I was trying to work on, to pursuit my new interest. So I was hopping from thing to thing, without much to show for it, or getting much better.
I decided to stick with something for 30 days to see if it would make a difference. It was my personal 30 day challenge. And it worked. What I found was that sticking with something past two weeks, got me past those initial hurdles. Those dips that sit just in front of where breakthroughs happen.
All I did was spend a little effort each day for 30 days. I would try to learn a new insight or try something small each day. Each day, it wasn't much. But over 30 days, it accumulated. And over 30 days, the little effort added up to a big victory.Why 30 Day Sprints Work So Well
Eventually, I realized why 30 Day Sprints work so well. You effectively stack things in your favor. By investing in something for a month, you can change how you approach things. It's a very different mindset when you are looking at your overall gain over 30 days versus worrying about whether today or tomorrow gave you immediate return on your time. By taking a longer term view, you give yourself more room to experiment and learn in the process.
And that is just the tip of the iceberg.
The real power of 30 Day Sprints is that they help you take action. They help you get rid of all the excuses and all the distractions so you can start to achieve what youâre fully capable of.Ways to Make 30 Day Sprints Work Better
When I first started using 30 Day Sprints for personal development, the novelty of doing something more than a day or a week or even two weeks, was enough to get tremendous value. But eventually, as I started to do more 30 Day Sprints, I wanted to get more out of them.
Here is what I learned:
Obviously, you have to find what works for you, but I've found these ideas to be especially helpful in getting more out of each 30 Day Sprint. Especially the part about focusing on the learning. I can't tell you how many times I got too focused on the results, and ended up missing the learning and the insights.
If you slow down, you speed up, because you connect the dots at a deeper level, and you take the time to really understand nuances that make the difference.Getting Started
Keep things simple when you start. Just start. Pick something, and make it your 30 Day Sprint.
In fact, if you want to line your 30 Day Sprint up with the start of the month, then just start your 30 Day Sprint now and use it as a warm-up. Try stuff. Learn stuff. Get surprised. And then, at the start of next month, just start your 30 Day Sprint again.
If you really don't know how to get started, or want to follow a guided 30 Day Sprint, then try 30 Days of Getting Results. It's where I share my best lessons learned for personal productivity, time management, and work-life balance. It's a good baseline, because by mastering your productivity, time management, and work-life balance, you will make all of your future 30 Day Sprints more effective.Boldly Go Where You Have Not Gone Before
But it's really up to you. Pick something you've been either frustrated by, inspired by, or scared of, and dive in.
Whether you think of it as a 30 Day Challenge, a 30 Day Improvement Sprint, a Monthly Improvement Sprint, or just a 30 Day Sprint, the big idea is to do something small for 30 days.
If you want to go beyond the basics and learn everything you can about mastering personal productivity, then check out Agile Results, introduced in Getting Results the Agile Way.
Who knows what breakthroughs lie within?
May you surprise yourself profoundly.
âLet him who would move the world first move himself.â â Socrates
At work, and in life, you need every edge you can get.
Personal development is a process of realizing and maximizing your potential.
Itâs a way to become all that youâre capable of.
One of the most powerful books on personal development is Unlimited Power, by Tony Robbins. In Unlimited Power, Tony Robbins shares some of the most profound insights in personal development that world has ever known.Develop Your Abilities and Model Success
Through a deep dive into the world of NLP (Neuro-Linguistic Programming) and Neuro-Associative Conditioning, Robbins shows you how to master you mind, master your body, master your emotional intelligence, and improve what youâre capable of in all aspects of your life. You can think of NLP as re-programming your mind, body, and emotions for success.
Weâve already been programmed by the shows we watch, the books weâve read, the people in our lives, the beliefs weâve formed. But a lot of this was unconscious. We were young and took things at face value, and jumped to conclusions about how the world works, who we are, and who we can be, or worse, who others think we should be.
NLP is a way to break way from limiting beliefs and to model the success of others with skill. You can effectively reverse engineer how other people get success and then model the behavior, the attitudes, and the actions that create that success. And you can do it better, faster, and easier, than you might imagine.
NLP is really a way to model what the most successful people think, say, and do.Unlimited Power at Your Fingertips
Iâve created a landing page that is a round up and starting point to dive into some of the book nuggets from Unlimited Power:
On that page, I also provided very brief summaries of the core personal development insight so that you can get a quick sense of the big ideas.
A Book Nugget is simply what I call a mini-lesson or insight from a book that you can use to change what you think, feel, or do.
Unlimited Power is not an easy book to read, but itâs one of the most profound tombs of knowledge in terms of personal development insights.Personal Development Insights at Your Fingertips
If you want to skip the landing page and just jump into a few Unlimited Power Book Nuggets and take a few personal development insights for a spin, here you go:
As youâll quickly see, Unlimited Power remains one of the most profound sources of insight for realizing your potential and becoming all that youâre capable of.
It truly is the ultimate source of personal development in action.
Hugh is the creative director at Gaping Void. I got to meet Hugh, along with Jason Korman (CEO), and Jessica Higgins, last week to talk through some ideas.
Hugh uses cartoons as a snappy and insightful way to change the world. You can think of it as âMotivational Art for Smart People.âThe Illustrated Guide to Life Inside Microsoft
One of Hughâs latest creations is the Illustrated Guide to Life Insight Microsoft. Itâs a set of cards you can flip, with a cartoon on the front, and a quote on the back. Itâs truly insight at your fingertips.
I like them all âŠ from âMicrosoft is a âGet Stuff Doneâ companyâ to âSoftware is the thing between the thingsâ, but my favorite is:
âItâs more fun being the underdog.â
Itâs a reminder how you can take the dog out of the fight, but you canât take the fight out of the dog, and as long as youâre still in the game, and you are truly a learning company, and a company that continues to grow and evolve, you can change the world âŠ your unique way.Tweaking People in the Right Direction
Hugh is an observer and participant who inspires and prods people in the right direction âŠ
ââAttaching art to business outcomes can articulate deep emotions and bring things to light fast,â said MacLeod. To get there requires MacLeod immersing himself within a company, so he can look for what he calls âfreaks of lightââepiphanies about a company that express the collected motivations of its people. âMy cartoons make connections,â said MacLeod. âI create work in an ambient way to tweak people in the right direction.ââ
âHeâs an observer and a participant, mingling temporarily within a culture to better understand it. Heâs also a listener, taking your thoughts and combining them with his own to piece together the puzzle he is trying to solve about the human condition and business environment.â
Check out the Illustrated Guide to Life Inside Microsoft and some of the ideas just might surprise you, or, at least inspire and motivate you today â you smart person, you.
"A moment's insight is sometimes worth a life's experience." -- Oliver Wendell Holmes, Sr.
Some say weâre in the Age of Insight. Others say insight is the new currency in the Digital Economy.
And still others say that insight is the backbone of innovation.
Either way, we use âinsightâ an awful lot without talking about what insight actually is.
So, what is insight?
I thought it was time to finally do a deeper dive on what insight actually is. Here is my elaboration of âinsightâ on Sources of Insight:
You can think of it as âinsight explained.â
The simple way that I think of insight, or those âah haâ moments, is by remembering a question Ward Cunningham uses a lot:
âWhat did you learn that you didnât expect?â or âWhat surprised you?â
Ward uses these questions to reveal insights, rather than have somebody tell him a bunch of obvious or uneventful things he already knows. For example, if you ask somebody what they learned at their presentation training, theyâll tell you that they learned how to present more effectively, speak more confidently, and communicate their ideas better.
But if you instead ask them, âWhat did you learn that you didnât expect?â they might actually reveal some insight and say something more like this:
âEven though we say donât shoot the messenger all the time, you ARE the message.â
âIf you win the heart, the mind follows.â
Itâs the non-obvious stuff, that surprises you (at least at first). Or sometimes, insight strikes us as something that should have been obvious all along and becomes the new obvious, or the new normal.
Ward used this insights gathering technique to more effectively share software patterns. He wanted stories and insights from people, rather than descriptions of the obvious.
Iâve used it myself over the years and it really helps get to deeper truths. If you are a truth seeker or a lover of insights, youâll enjoy how you can tease out more insights, just by changing your questions. For example, if you have kids, donât ask, âHow was your day?â Ask them, âWhat was the favorite part of your day?â or âWhat did you learn that surprised you?â
Wow, I now this is a short post, but I almost left without defining insight.
According to the dictionary, insight is âThe capacity to gain an accurate and deep intuitive understanding of a person or thing.â Or you may see insight explained as inner sight, mental vision, or wisdom.
I like Edward de Bonoâs simple description of insight as âEureka moments.â
Some people count steps in their day. I count my âah-haâ moments. After all, the most important ingredient of effective ideation and innovation is âŠyep, you guessed it â insight!
For a deeper dive on the power of insight, read my page on Insight explained, on Sources Of Insight.com
We take productivity seriously at Microsoft. Ask any Softie. I never have a lack of things to do, or too much time in my day, and I can't ever make "too much" impact.
To be super productive, I've had to learn hard-core prioritization techniques, extreme energy management, stakeholder management, time management, and a wealth of productivity hacks to produce better, faster results.
We donât learn these skills in school. But if weâre lucky, we learn from the right mentors and people all around us, how to bring out our best when we need it the most.Download the 30 Days of Getting Results Free eBook
You can save years of pain for free:
Thereâs always a gap between books you read and what you do in the real world. I wanted to bridge this gap. I wanted 30 Days of Getting Results to be raw and real to help you learn what it really takes to master productivity and time management so you can survive and thrive with the best in the world.
Itâs not pretty. Itâs super effective.30 Days of Getting Results is a 30 Day Personal Productivity Improvement Sprint
I wrote 30 Days of Getting Results using a 30 Day Sprint. Each day for that 30 Day Sprint, I wrote down the best information I learned from the school of hard knocks about productivity, time management, work-life balance, and more.
For each day, I share a lesson, a story, and an exercise.
I wanted to make it easy to practice productivity habits.Agile Results is a Fire Starter for Personal Productivity
The thing thatâs really different about Agile Results as a time management system is that itâs focused on meaningful results. Time is treated as a first-class citizen so that you hit your meaningful windows of opportunity, and get fresh starts each day, each week, each month, each year. As a metaphor, you get to be the author of your life and write your story forward.
For years, Iâve received emails from people around the world how 30 Days of Getting Results was a breath of fresh air for them.
It helped them find their focus, get more productive, enjoy what they do, renew their energy, and spend more time in their strengths and their passions, while pursuing their purpose.
Itâs helped doctors, teachers, students, lawyers, developers, grandmothers, and more.Learn a New Language, Change Careers, or Start a Business
You can use Agile Results to learn better, faster, and deeper because it helps you think better, feel better, and take better action.
You can use Agile Results to help you learn a new language, build new skills, learn an instrument, or whatever your heart desires.
I used the system to accidentally write a book in a month.
I didnât set out to write a book. I set out to share the worldâs best insight and action for productivity and time management. I wrote for 20 minutes each day, during that month, to share the best lessons and the best insights I could with one purpose:
Help everyone thrive in work and life.
Over the coming months, I had more and more people ask for a book version. As much as they liked the easy to flip through Web pages, they wanted to consume it as an eBook. So I turned 30 Days of Getting Results into a free eBook and made that available.
Here's the funny part:
I forgot I had done that.The Accidental Free Productivity Book that Might Just Change Your Life
One day, I was having a conversation with one of my readers, and they said that I should sell 30 Days of Getting Results as a $30 work book. They liked it much more than the book, Getting Results the Agile Way. They found it to be more actionable and easier to get started, and they liked that I used the system as a way to teach the system.
They said I should make the effort to put it together as a PDF and sell it as a workbook. He said people would want to pay for it because itâs high-value, real-world training, and he said it was better than any live training he had ever taken (and he had taken a lot.)
I got excited by the idea, and it made perfect sense. After all, wouldnât people want to learn something that could impact every single day of their lives, and help them achieve more in work and life and help them adapt and compete more effectively in our ever-changing world?
I went to go put it together, and I had already done it.Set Your Productivity on Fire
When youâre super productive, itâs easy to forget some of the things you create because they so naturally flow from spending the right time, on the right things, with the right energy. Youâll naturally leave a trail of results from experimenting and learning.
Whether you want to be super productive, or do less, but accomplish more, check out the ultimate free productivity guide:
Share it with friends, family, colleagues, and whoever else you want to have an unfair advantage in our hyper-competitive world.
Lifting others up, lifts you up in the process.
If you have a personal story of how 30 Days of Getting Results has helped you in some way, feel free to share it with me. Itâs always fun to hear how people are using Agile Results to take on new challenges, re-invent their productivity, and operate at a higher level.
Or simply get started again âŠ like a fresh start, for the first time, full of new zest to be your best.
"Whatever you do in life, surround yourself with smart people who'll argue with you." -- John Wooden
Thereâs a very simple way to get smarter.
You can get smarter by creating categories.
Not only will you get smarter, but youâll also be more mindful, and youâll expand your vocabulary, which will improve your ability to think more deeply about a given topic or domain.
In my post, The More Distinctions You Make, the Smarter You Get, I walk through the ins and outs of creating categories to increase your intelligence, and I use the example of âfat.â I attempt to show how âFat is badâ isnât very insightful, and how by breaking âfatâ down into categories, you can dive deeper and reveal new insight to drive better decisions and better outcomes.
Iâm this post, Iâm going to walk this through with an example, using âsecurityâ as the topic.
The first time I heard the word âsecurityâ, it didnât mean much to me, beyond âprotect.â
The next thing somebody taught me, was how I had to focus on CIA: Confidentiality, Integrity, and Availability.
That was a simple way to break security down into meaningful parts.
And then along came Defense in Depth. A colleague explained that Defense in Depth meant thinking about security in terms of multiple layers: Network, Host, Application, and Data.
But then another colleague said, the real key to thinking about security and Defense in Depth, was to think about it in terms of people, process, and technology.
As much as I enjoyed these thought exercises, I didnât find them actionable enough to actually improve software or application security. And my job was to help Enterprise developers build better Line-Of-Business applications that were scalable and secure.
So our team went to the drawing board to map out actionable categories to take application security much deeper.
Right off the bat, just focusing on âapplicationâ security vs. ânetworkâ security or âhostâ security, helped us to get more specific and make security more tangible and more actionable from an Line-of-Business application perspective.Security Categories
Here are the original security categories that we used to map out application security and make it more actionable:
Each of these buckets helped us create actionable principles, patterns, and practices for improving security.Security Categories Explained
Here is a brief description of each application security category:
Input and Data Validation
How do you know that the input your application receives is valid and safe? Input validation refers to how your application filters, scrubs, or rejects input before additional processing. Consider constraining input through entry points and encoding output through exit points. Do you trust data from sources such as databases and file shares?
Who are you? Authentication is the process where an entity proves the identity of another entity, typically through credentials, such as a user name and password.
What can you do? Authorization is how your application provides access controls for resources and operations.
Who does your application run as? Which databases does it connect to? How is your application administered? How are these settings secured? Configuration management refers to how your application handles these operational issues.
How does your application handle sensitive data? Sensitive data refers to how your application handles any data that must be protected either in memory, over the network, or in persistent stores.
How does your application handle and protect user sessions? A session refers to a series of related interactions between a user and your Web application.
How are you keeping secrets (confidentiality)? How are you tamper-proofing your data or libraries (integrity)? How are you providing seeds for random values that must be cryptographically strong? Cryptography refers to how your application enforces confidentiality and integrity.
When a method call in your application fails, what does your application do? How much do you reveal? Do you return friendly error information to end users? Do you pass valuable exception information back to the caller? Does your application fail gracefully?
Auditing and Logging
Who did what and when? Auditing and logging refer to how your application records security-related events.
As you can see, just by calling out these different categories, you suddenly have a way to dive much deeper and explore application security in depth.The Power of a Security Category
Letâs use a quick example. Letâs take Input Validation.
Input Validation is a powerful security category, given how many software security flaws and how many vulnerabilities and how many attacks all stem from a lack of input validation, including Buffer Overflows.
But hereâs the interesting thing. After quite a bit of research and testing, we found a powerful security pattern that could help more applications stand up to more security attacks. It boiled down to the following principle:
Validate for length, range, format, and type.
Thatâs a pithy, but powerful piece of insight when it comes to implementing software security.
And, when you canât validate the input, make it safe by sanitizing the output. And along these lines, keep user input out of the control path, where possible.
All of these insights flow from just focusing on Input Validation as a security category.Threats, Attacks, Vulnerabilities, and Countermeasures
Another distinction our team made was to think in terms of threats, attacks, vulnerabilities, and countermeasures. We knew that threats could be intentional and malicious (as in the case of attacks), but they could also be accidental and unintended.
We wanted to identify vulnerabilities as weaknesses that could be addressed in some way.
We wanted to identify countermeasures as the actions to take to help mitigate risks, reduce the attack surface, and address vulnerabilities.
Just by chunking up the application security landscape into threats, attacks, vulnerabilities, and countermeasures, we empowered more people to think more deeply about the application security space.Security Vulnerabilities Organized by Security Categories
Using the security categories above, we could easily focus on finding security vulnerabilities and group them by the relevant security category.
Here are some examples:
Auditing and Logging
Again, using our security categories, we could then group threats and attacks by relevant security categories.
Here are some examples of security threats and attacks organized by security categories:
Auditing and Logging
Now here is where the rubber really meets the road. We could group security countermeasures by security categories to make them more actionable.
Here are example security countermeasures organized by security categories:
Auditing and Logging
As you can see, the security countermeasures can easily be reviewed, updated, and moved forward, because the actionable principles are well organized by the security categories.
There are many ways to use creating categories as a way to get smarter and get better results.
In the future, Iâll walk through how we created an Agile Security approach, using categories.
Meanwhile, check out my post on The More Distinctions You Make, the Smarter You Get to gain some additional insights into how to use empathy and creating categories to dive deeper, learn faster, and get smarter on any topic you want to take on.
"Innovationâthe heart of the knowledge economyâis fundamentally social." -- Malcolm Gladwell
Iâm a big believer in having clarity around what you help your customers do.
I was listening to Satya Nadellaâs keynote at the Microsoft Worldwide Partner Conference, and I like how he put it so simply, that we help our customers transform.
Hereâs what Satya had to say about how we help our customers transform their business:
âThese may seem like technical attributes, but they are key to how we drive business success for our customers, business transformation for our customers, because all of what we do, collectively, is centered on this core goal of ours, which is to help our customers transform.
When you think about any customer of ours, they're being transformed through the power of digital technology, and in particular software.
There isn't a company out there that isn't a software company.
And our goal is to help them differentiate using digital technology.
We want to democratize the use of digital technology to drive core differentiation.
It's no longer just about helping them operate their business.
It is about them excelling at their business using software, using digital technology.
It is about our collective ability to drive agility for our customers.
Because if there is one truth that we are all faced with, and our customers are faced with, it's that things are changing rapidly, and they need to be able to adjust to that.
And so everything we do has to support that goal.
How do they move faster, how do they interpret data quicker, how are they taking advantage of that to take intelligent action.
And of course, cost.
But we'll keep coming back to this theme of business transformation throughout this keynote and throughout WPC, because that's where I want us to center in on.
What's the value we are adding to the core of our customer and their ability to compete, their ability to create innovation.
And anchored on that goal is our technical ambition, is our product ambition.â
Transformation is the name of the game.You Might Also Like
You hear Mobile-First, Cloud-First all the time.
But do you ever hear it really explained?
I was listening to Satya Nadellaâs keynote at the Microsoft Worldwide Partner Conference, and I like how he walked through how he thinks about a Mobile-First, Cloud-First world.
Hereâs what Satya had to say:
âThere are a couple of attributes.
When we talk about Mobile-First, we are talking about the mobility of the experience.
What do we mean by that?
As we look out, the computing that we are going to interface with, in our lives, at home and at work, is going to be ubiquitous.
We are going to have sensors that recognize us.
We are going to have computers that we are going to wear on us.
We are going to have computers that we touch, computers that we talk to, the computers that we interact with as holograms.
There is going to be computing everywhere.
But what we need across all of this computing, is our experiences, our applications, our data.
And what enables that is in fact the cloud acting as a control plane that allows us to have that capability to move from device to device, on any given day, at any given meeting.
So that core attribute of thinking of mobility, not by being bound to a particular device, but it's about human mobility, is very core to our vision.
Second, when we think about our cloud, we think distributed computing will remain distributed.
In fact, we think of our servers as the edge of our cloud.
And this is important, because there are going to be many legitimate reasons where people will want digital sovereignty, people will want data residency, there is going to be regulation that we can't anticipate today.
And so we have to think about a distributed cloud infrastructure.
We are definitely going to be one of the key hyper-scale providers.
But we are also going to think about how do we get computing infrastructure, the core compute, storage, network, to be distributed throughout the world.
These may seem like technical attributes, but they are key to how we drive business success for our customers, business transformation for our customers, because all of what we do, collectively, is centered on this core goal of ours, which is to help our customers transform.â
Thatâs a lot of insight, and very well framed for creating our future and empowering the world.You Might Also Like
Itâs great to get back to the basics, and purpose is always a powerful starting point.
I was listening to Satya Nadellaâs keynote at the Microsoft Worldwide Partner Conference, and I like how he walked through the Microsoft mission in a mobile-first, cloud-first world.
Hereâs what Satya had to say:
âOur mission: Empowering every person and every business on the planet to achieve more.
(We find that by going back into our history and re-discovering that core sense of purpose, that soul ... a PC in every home, democratizing client/server computing.)
We move forward to a Mobile-First, Cloud-First world.
We care about empowerment.
There is no other ecosystem that is primarily, and solely, built to help customers achieve greatness.
We are focused on helping our customers achieve greatness through digital technology.
We care about both individuals and organizations. That intersection of people and organizations is the cornerstone of what we represent as excellence.
We are a global company. We want to make sure that the power of technology reaches every country, every vertical, every organization, irrespective of size.
There will be many goals.
What remains constant is this sense of purpose, the reason why this ecosystem exists.
This is a mission that we go and exercise in a Mobile-First, Cloud-First world.â
If I think back to why I originally joined Microsoft, it was to empower every person on the planet to achieve more.
And the cloud is one powerful enabler.You Might Also Like
A while back, a colleague challenged me to find something simple and sticky for the big idea behind Sources of Insight. After trying several phrases, hereâs the one that stuck:
Skilled for Life
He liked it because it had punch. It also had a play on words, and you could read it two different ways.
I like it because it captured the big idea behind Sources of Insight. The whole purpose behind the site is to help as many people improve the quality of their life as possible.
Iâve found that skills can make or break somebodyâs chance for success. And, I donât just mean from a career perspective. To be effective in all areas of our life, we need skills across several domains:
Skilled for Life is meant to be a very simple phrase, with a very intentional outcome:
Equip you with the skills you need to survive and thrive in todayâs world.
Itâs all about personal empowerment.
Not everybody gets the right mentors, or the right training, or the right breaks. So Sources of Insight is designed from the ground up to be your personal success library that helps you make your own breaks, create your opportunities, and own your destiny.
By sharing the worldâs best insight and action for work and life. By providing you with very real skills for mastering emotional intelligence, intellectual horsepower, creative brilliance, interpersonal relationships, career growth, health, and happiness (yeah, happiness is a skill you can learn). And by providing you with principles, patterns, and practices for a smarter, more creative, and more capable you.
To give you one simple example of how happiness is a skill, let me tell you about the three paths of happiness according to Dr. Martin Seligman:
You can think of them like this: The Pleasant Life is all about pleasures, here and now. The Good Life is about spending more time in your values. The Meaningful Life is about fulfillment by helping the greater good, using your unique skills. Itâs giving our best where we have our best to give, and moving up Maslowâs stack.
When you know the three paths of happiness, you can more effectively build your happiness muscles. For example, you can Discover Your Values, so that you can spend more time in them, and live life on your terms.
Thatâs just one example of how you can improve your self-efficacy with skill.
There is a vast success library of everything from inspirational quotes to inspirational heroes, as well as principles, patterns, and practices for skills to pay the bills and lead a better life. Sources of Insight is a dojo of personal development, and your jump start for realizing your potential.
I invite you to check out the following page on Sources of Insight, where I share what Skilled for Life is all about:
Skills empower you.
âIf You Want To Go Fast, Go Alone. If You Want To Go Far, Go Togetherâ â African Proverb
I blew the dust off some olds posts to rekindle some of the most important information for work and life.
Itâs about dealing with people you canât stand.
Whether you think of them as jerks, bullies, or just difficult people, the better you can deal with difficult people, the better you can get things done and make things happen.
And the more you learn how to bring out the best, in people at their worst, the less youâll find people you canât stand.How To Bring Out the Best in People at Their Worst (Including Yourself)
Everything I needed to learn about dealing with difficult people, I learned from the book Dealing with People You Canât Stand: How to Bring Out the Best in People at Their Worst, by Dr. Rick Brinkman and Dr. Rick Kirschner.
Itâs one of the most brilliant, thoughtful books Iâve ever read on interpersonal skills and dealing with all sorts of bad behaviors.
The real key to dealing with difficult behavior is more than just recognizing bad behaviors in other people.
Itâs recognizing bad behaviors in yourself, the kind that contribute to and amplify other peopleâs bad behaviors.
The more you know, the more you grow, and this is truly one of those transformational books.Learn How To Deal with Difficult People (and Gain Some Mad Interpersonal Skills)
Iâve completely re-written my pot that provides an overview of the big ideas in Dealing with People You Canât Stand:
Even better, Iâve re-written all of my posts that talk through the 10 Types of Difficult People, and what to do about them.
I have to warn you: Once you learn the 10 Types of Difficult People, youâll be using the labels to classify bad behaviors that you experience in the halls, in meetings, behind your back, etc.
With that in mind, here they are âŠ10 Types of Difficult People
Here are the 10 Types of Difficult People at a glance:
I warned you. Are you already thinking about some Snipers in a few meetings that you have, or is there a Yes Person driving you nuts (or are you that Yes Person?)
Have you talked to a Think-They-Know-It-All lately, or worse, a Know-ItâAll?
Never fear, Iâve included actionable insights and recommendations for dealing with all the various bad behaviors youâll encounter.The Lens of Human Understanding
If all this talk about dealing with difficult people, and having silly labels seems like a gimmick, itâs not. Itâs actually deep insight rooted in a powerful, but simple framework that Dr. Rick Brinkman and Dr. Rick Kirschner refer to as the Lens of Human Understanding:
Once I learned The Lens of Human Understanding, so many things fell into place.
Not only did I understand myself better, but I could instantly see what was driving other people, and how my behavior would either create more conflict or resolve it.
But when you donât know what makes people tick, itâs very easy to get ticked off, or to tick them off.
Hereâs looking at you âŠ and other people âŠ and their behaviors âŠ in a brand new way.You Might Also Like
I know several people looking for inspiration.
I believe the right words ignite or re-ignite us.
There is no better way to prime your mind for great things to come than filling your head and hear with the greatest inspirational quotes that the world has ever known.
Of course, the challenge is finding the best inspirational quotes to draw from.
Well, here you go âŠ3 Great Inspirational Quotes Collections at Your Fingertips
I revamped a few of my best inspirational quotes collections to really put the gems of insight at your fingertips:
Each of these inspirational quotes collection is hand-crafted with deep words of wisdom, insight, and action.
You'll find inspirational quotes from Charles Dickens, Confucius, Dr. Seuss, George Bernard Shaw, Henry David Thoreau, Horace, Lao Tzu, Lewis Carroll, Mahatma Gandhi, Oprah Winfrey, Oscar Wilde, Paulo Coelho, Ralph Waldo Emerson, Stephen King, Tony Robbins, and more.
You'll even find an inspirational quote from The Wizard of Oz (and itâs not âThereâs no place like home.â)Inspirational Quotes Jump Start
Here are a few of my favorites inspirational quotes to get you started:
âCourage doesnât always roar. Sometimes courage is the quiet voice at the end of the day saying, âI will try again tomorrow.ââ
â Mary Anne Radmacher
âDo not follow where the path may lead. Go, instead, where there is no path and leave a trail.â
â Ralph Waldo Emerson
âDonât cry because itâs over, smile because it happened.â
â Dr. Seuss
âIt is not length of life, but depth of life.â
â Ralph Waldo Emerson
âLife is not measured by the number of breaths you take, but by every moment that takes your breath away.â
âYou live but once; you might as well be amusing.â
â Coco Chanel
âIt is never too late to be who you might have been.â
â George Eliot
âSmile, breathe and go slowly.â
â Thich Nhat Hanh
âWhat lies behind us and what lies before us are tiny matters compared to what lies within us.â
â Ralph Waldo Emerson
These inspirational quotes are living breathing collections. I periodically sweep them to reflect new additions, and I re-organize or re-style the quotes if I find a better way.
I invest a lot of time on quotes because Iâve learned the following simple truth:
Quotes change lives.
The right words, at the right time, can be just that little bit you need, to breakthrough or get unstuck, or find your mojo again.
Have you had your dose of inspiration today?
"A leader is one who knows the way, goes the way, and shows the way." -- John C. Maxwell
How many people do you know that talk a good talk, but donât walk the walk?
Or, how many people do you know have a bunch of ideas that you know will never see the light of day? They can pontificate all day long, but the idea of turning those ideas into work that could be done, is foreign to them.
Or, how many people do you know can plan all day long, but their plan is nothing more than a list of things that will never happen? Worse, maybe they turn it into a team sport, and everybody participates in the planning process of all the outcomes, ideas and work that will never happen. (And, who exactly wants to be accountable for that?)
It doesnât need to be this way.
A lot of people have Hidden Strengths they can develop into Learned Strengths. And one of the most important bucket of strengths is Leading Implementation.
Leading Implementation is a set of leadership skills for making things happen.
It includes the following leadership skills:
Letâs say you want to work on these leadership skills. The first thing you need to know is that these are not elusive skills reserved exclusively for the elite.
No, these are commonly Hidden Strengths that you and others around you already have, and they just need to be developed.
If you donât think you are good at any of these, then before you rule yourself out, and scratch them off your list, you need to ask yourself some key reflective questions:
Iâve seen far too many starving artists and unproductive artists, as well as mad scientists, that had brilliant ideas that they couldnât turn into reality. While some were lucky to pair with the right partners and bring their ideas to live, Iâve actually seen another pattern of productive artists.
They develop some of the basic leadership skills in themselves to improve their ability to execute.
Not only are they more effective on the job, but they are happier with their ability to express their ideas and turn their ideas into action.
Even better, when they partner with somebody who has strong execution, they amplify their impact even more because they have a better understanding and appreciation of what it takes to execute ideas.
Like talk, ideas are cheap.
The market rewards execution.