Open zeroXten opened 5 years ago
I'll start it off. I think a lot of people got great value out of attending the session, and it sounds like there were a lot of great discussions happening. I'm wondering if the outcomes are actionable enough through. I've written them up and they're interesting to read - but I'm not sure what sort of changes they might drive. Perhaps that's too much to expect from a first session, but there might be more structure approaches to the sessions that could give a more actionable focus.
One example might be to agree as a group on a problem definition, and then end by proposing 3 possible solutions. Or something like that anyway.
I think the meet-up for Threat Modelling went well, the idea of picking a few topics people were interested and then assigning a value (3,2,1) was really good.
I agree the way forward being collectively selecting a problem definition and solution proposal through group discussions and then selecting the best method out of the few teams/or selecting a hybrid of some sort. Performing this would have great benefit to all (different perspective/tools/ideas/current solutions). (Den)
Another alternative might be to build up a catalogue of advice that the discussions feed into. To borrow from a user story syntax, each discussion group could come up with one or more of the following "stories" that could all be grouped and collected here somewhere". The syntax (basically just a template) could be something like:
As a AUDIENCE I should ADVICE Because BENEFITS Resulting in OUTCOMES
For example
As a product owner I should threat model each major new epic story Because it will
- allow me to understand security requirements upfront
- better scope and prioritise the epic against other work Resulting in reduced delivery risks and delays
Please share any thoughts about what went well, what could be done differently etc. here.