threatmodelingmeetup / outputs

Meetup Outputs

London 20190320 Retro #1

Open zeroXten opened 5 years ago

zeroXten commented 5 years ago

Please share any thoughts about what went well, what could be done differently etc. here.

zeroXten commented 5 years ago

I'll start it off. I think a lot of people got great value out of attending the session, and it sounds like there were a lot of great discussions happening. I'm wondering if the outcomes are actionable enough though. I've written them up and they're interesting to read - but I'm not sure what sort of changes they might drive. Perhaps that's too much to expect from a first session, but there might be more structured approaches to the sessions that could give a more actionable focus.

One example might be to agree as a group on a problem definition, and then end by proposing 3 possible solutions. Or something like that anyway.

catfur commented 5 years ago

I think the meet-up for Threat Modelling went well; the idea of picking a few topics people were interested in and then assigning a value (3,2,1) was really good.

I agree with the way forward being to collectively select a problem definition and solution proposal through group discussions, and then select the best method out of the few teams, or a hybrid of some sort. Performing this would have great benefit to all (different perspectives/tools/ideas/current solutions). (Den)

zeroXten commented 5 years ago

Another alternative might be to build up a catalogue of advice that the discussions feed into. To borrow from a user story syntax, each discussion group could come up with one or more of the following "stories" that could all be grouped and collected here somewhere. The syntax (basically just a template) could be something like:

As an AUDIENCE I should ADVICE Because BENEFITS Resulting in OUTCOMES

For example

As a product owner I should threat model each major new epic story Because it will

  • allow me to understand security requirements upfront
  • better scope and prioritise the epic against other work

Resulting in reduced delivery risks and delays