Can the (new) Scrum Values change your culture?

Can the (new) Scrum Values change your culture?

Can The New Scrum Values Change Culture?

In the first update to The Scrum Guide™ , “The Definitive Guide to Scrum” for three years, Ken Schwaber (@kschwaber) and Jeff Sutherland (@jeffsutherland) have put the heart back into Scrum by introducing a new ‘Scrum Values’ section. Ken and Jeff suggest that by adopting these values not only can you put the life back into Scrum, but you could also change the culture of your entire organisation, and even your life. The Scrum Values they call out are:

  • Commitment
  • Focus
  • Openness
  • Respect
  • Courage

If you’re looking for some values to live your life by, or maybe slightly more modest goals of trying to improve the efficiency of your Scrum team or change the culture of an organisation, then this looks like a pretty good list to go by. At only 142 words, the newly added Values section of The Guide maintains the concise nature of the previous version but will no doubt trigger much interpretation and debate. Fortunately, you can hear what Jeff and Ken really meant thanks to Episode 14 of Scrum Pulse where they discuss why these values are important and the full revision can be found on Page 4 of The Guide, or on Scrum Guide.Org’s Revisions Page.

But why have these values been added now?

Ken explains that whilst the ‘Scrum Values’ section may be new, the values themselves have always been “out there”. They were first articulated in Agile Software Development with Scrum in 2001 (written by Ken and @mikebeedle), but that pre-dates widespread adoption of Scrum and may explain why they have gone unnoticed by many.

In the video, Ken describes these values as “the lifeblood of Scrum” and suggests that without people living these values that the artefacts, events and roles are just an “empty skeleton”. If I reflect on my experiences of Scrum, at times it has definitely felt like some people (at all levels) are going through the motions; just following the ‘process’; that there is no heart or soul; no deep belief that this is a better way. If you’re experiencing that, then maybe adopting these values can give your Scrum a new lease of life. Scrum is not a constricting, detailed step by step process, that tells you exactly how things must be done. It’s a framework, that tells you what to do, but not how to do it. The new Values section clearly highlights the values that people need to sign up to so that Scrum can be brought to life. These values need to be lived and breathed, by all those that are involved in Scrum, and by doing so may go a long way to changing the culture in your team and the wider organisation.

Who is leading the change?

Sometimes Scrum is implemented as a Top Down initiative by someone who’s been brought in to transform the business, react to customer’s needs more quickly and change the culture. Sometimes Scrum is implemented from the Bottom Up, by a team that just want to improve, use the latest methodology, and do the best they can. If you work in a largish organisation it may not be so clear-cut, maybe it’s more from the middle(ish), Down (into your team), Up (into the management layer above), and Across (into different departments). Irrespective of how Scrum is being introduced it’s inevitable that you will find barriers to the change that you’re trying to make. That’s natural, but with Continuous Improvement central to the Scrum framework (as Jeff points out) there is going to be constant, incremental improvements, and that means constant change, so make sure everyone goes into Scrum with their eye’s open and fully committed.

You don’t need to be a Scrum Master to master Scrum.

Scrum is a simple framework, but hard to master. Having a Scrum Master / Coach will no doubt help your adoption of Scrum but don’t rely entirely on them. No matter who is driving the change, where you sit in your company structure I think these values can benefit us all. If you’re a dev adopt them, even if no one else does. If you’re a team lead, adopt them and lead by example. If you’re a C-Level exec become a master of Scrum, adopt Scrum in your C-Level team (it’s not just for the Development Team. Check out this helpful Harvard Business Review article Embracing Agile). By adopting these new values, you can put the heart back into Scrum and lead a cultural revelation. The values tell us what we need to do, but remember it’s a framework so you need to decide how. want to make the world a more successful place…person by person, company by company. If you need an high impact Interim to deliver your change agenda give them a shout here..


The Learning Machine: Controlled Agility

The Learning Machine: Controlled Agility

“Agile” is one of those horribly overused words in the IT industry that means different things to different people.  Views range from “Great! No plans, documents or deadlines!” to “I am a Certified Practitioner and we do it this way.”

Successful “agile” means having enough process (and no more) to enable the release of meaningful, incremental product changes – then measure what difference those changes make and feed that back into deciding what to do next – a “Learning Machine”.

Most new product ideas turn out to be unsuccessful.  Moreover, it is notoriously hard – indeed impossible – to predict in advance which of a range of plausible-sounding product ideas is actually going to work.

Most successful products are actually the sum of a large number of good design decisions. (Think Macbook Air.)  If you can find a way to generate a lot of individual improvements, then you have a chance to make a big difference to your product.  A good brainstorming session, combined with customer feedback, will generate a long list of candidates for “how to make the product better”.

So how does it work?

  • For each plausible idea generate a quick and inexpensive plan for how to test it out and measure success – a hypothesis
  • Run the Learning Machine in week-long cycles; sift the ideas and decide which experiments to run
    • Is this idea going to pan out in a reasonable timeframe?
    • Will the idea make a measurable, meaningful difference?
    • Is this going to be costly to develop and test?
  • Run the experiments and analyse the findings. Most hypotheses will prove unsuccessful.  What matters is to test a lot of ideas in a short space of time, and minimise the amount of time and effort it takes to discover whether a hypothesis is successful
  • Kill off the ideas with no legs; rework and retest the ideas with some potential until you find something that really works
  • Once on to a winner, develop the idea properly – this can take longer than seven days for more complex ideas

The Learning Machine attempts to merge the best of Lean UX and agile to foster a culture of experimental iteration and continuous improvement.  It directs resources and energy to the features that matter most to customers and saves considerable amounts of wasted time and effort. picture of hacker

The Future of Hacking and Why Small Businesses Should be Taking It Seriously

An interview by Hiscox with  CISO Phil Cracknell



Cybercrime can and probably will be used as a tool to compromise the financial infrastructure of entire countries, says cyber-security specialist Phil Cracknell.

From business protection to cyber wars, Phil gives us his insight into the future of hacking and how we’re all more at risk than we realise.

What’s probably most concerning about all of this, is that small businesses play a crucial part in many major cybercrime plots. They’re easier to hack than the big corporations, and they’re usually connected to larger supply chains giving hackers a way in to the top.


It’s time to look at the bigger picture with cyber security

Yet, when it comes to what’s motivating hackers, it’s not all about money – although it can often be traced back to that. If you’re stealing the recipe for the next wonder drug or the designs for a Grand Prix team’s car, you’re clearly motivated by money. The same goes for music and films. The Sony hack in 2014 is a good example of that.

But then you’ve got your cyber wars, which are taking place every day. People are hacking governments to steal information and secrets in the same way we have spies and double agents.

I just came from a ten-month assignment at a train company in the UK, who are going ahead with plans to move all of their signalling to the train cabins instead of a central signalling centre. So if two trains need to stop for another to pass by, the three of them will negotiate between them who gets to go first. Bring a cybercriminal with a vicious motive and the ability to hack these trains into the equation, and you’ve got a very dangerous situation.

It will take a catastrophic event to lead to reform

My prediction for the future of hacking is that there’ll be a massive event that’ll lead to loss of life. Several terrorist plots involving cybercrime have already undoubtedly been foiled, and it’s only a matter of time before one takes hold. They might be very simple or they might be very elaborate. For example, there have been blackouts in North America and Ukraine over the past few years. These are cyber-attacks against the critical national infrastructure, which is why governments are investing so much in cyber defence. They’re considering it as one of the top threats now. If you can take over a drone, you’ve got control – it doesn’t matter about the size of armies because they rely on communication and intelligence. If you can control that, you can send them in the wrong direction to essentially shoot each other.

There’s still a widespread disregard for cyber security because it’s not in peoples’ faces yet. But an event like this would lead to major reform.

There’s an ecosystem of hackers and we need to be wary of them all

There are many ‘smaller time’ hackers that do it more for the kudos it gives them in their network rather than aiming to carry out organised crime. But they’re still dangerous. These opportunistic hackers are often groomed by other, more serious hackers who’ll tell them to attack a certain IP address. And the smaller-time hackers will do it because they believe they’re doing a valuable job in taking down a bad organisation or similar. There’s a bit of a ‘we’re going to take over the world’ attitude. And while these small attacks are taking place there’ll be a much bigger one happening in the background. We refer to this as ‘noise’ – it’s people rattling the door handle, but in real terms.

Small businesses aren’t immune to cyber threats

SMEs need to remember that even though they’re small in size, if they’re part of a larger supply chain, they’re still vulnerable. Anyone that supplies to trains, buses, planes, energy companies or any other organisation considered critical to the national infrastructure could provide a way for hackers to get into where they want to be. The last four biggest hacks in the world – Sony, AT&T, eBay and Target – were able to happen because of a third party supplier being compromised. And if enough small businesses were attacked it could threaten our country’s entire financial infrastructure.

It’s also become quite common for smaller businesses to be targeted with ransomware, which is a type of malicious software that blocks access to a computer system or encrypts files on it. It’s used to demand money from people and only when they’ve paid up can they have their files back.

Most big organisations would be able to repel a ransomware attack but that’s not the case for smaller ones. They find themselves with encrypted files and unable to run their business, meaning the only real option is to pay the money.

Seek external help to keep your business secure

If you own a small business you probably don’t need to employ a security expert full time, but it’s wise to seek external help to guide you and check that you’re secure on a regular basis. It’s a good idea to seek specialist help and contract a Chief Information Security Officer (CISO).  They’ll help you with things like patching, which is a method used to fix known vulnerabilities in computer systems – often used by hackers as a way in.

It’s also important to get the culture within your business right. Training your staff to spot an attack is key because relying on technology is often not enough. For example, at a basic level all staff should be aware of what spam emails and fake webpages look like. Plus, while anti-virus and firewall programs can detect viruses and system vulnerabilities, you can’t rely on them to protect you against cyber-criminals actually tricking you in person, otherwise known as ‘social engineering’. Getting a professional in to deliver a training session for your staff is a good way to make sure they’re clued up on this.

Social engineering is a very common method of getting credentials

Imagine the scenario. A British Telecoms (BT) engineer turns up in full uniform at your business premises. They claim that your main phone line is down due to a problem in the area. You check the line – it’s dead. Your customers can’t get through to you and you’re losing money by the minute. How likely are you to let the engineers get on with their job and fix things? You’re probably just grateful there’s someone there to help. But what if they weren’t real engineers? Hackers have been known to create crises for businesses, like cutting their phone line, only to turn up and ‘save the day’ a few minutes later. What they’re really doing is getting potentially unlimited access to the business’s network. This is a classic example of social engineering.

There only needs to be a few key things in place for people to fall for this kind of activity. For example, a hacker may ring up a company and speak to one member of staff to get hold of some seemingly harmless information. They’d then ring back on another line and speak to someone else, using this information to convince that person that they’re legitimate. Having a few details to hand such as employees’ names and dates of birth means people are much more likely to trust them.

This is a very common way of stealing credentials and plays a big role in large-scale hacks. In most of the major hacking scandals to have taken place, there will have been an element of social engineering to obtain information. Sometimes this takes place electronically, known as phishing. So a hacker will create a fake web page that looks like it’s legitimate, which will ask a user to change their password.

Always be vigilant when giving out your details

To avoid being socially engineered, always be wary of who you’re giving details to, whether it’s on the phone, in person or online. If you receive an email with a link in it asking you to change your password for something like Facebook, don’t follow it. Instead, manually type the Facebook URL address into your browser and see if the website asks you to change your password that way. It’s important to never follow the link because it could either take you to a fake web page or allow something like ransomware to be downloaded onto your computer.

Cyber insurance is going to change the world

Hacking activity is spread far and wide, and is being used for multiple different purposes across the globe, some of them very sinister. But it’s not all doom and gloom. This is why I think cyber insurance is going to change the world. I genuinely believe that if you’re a small business owner, cyber security should be up there at the top of your list of priorities. It’s not an optional extra, just like business insurance isn’t. And when you look at the bigger picture, you can see why.

Future CTO Coaching and New CTO Coaching

Future CTO Coaching and New CTO Coaching

Future CTO and New CTO Coaching

If someone aspires to a CTO role for their company (or has recently been appointed to the role) then they will almost certainly benefit from coaching from very experienced CTOs such as the ones within the network to help them to be a successful and effective CTO. has worked with a number of IT Leaders stepping up to a CTO role and we suggest working with the individual and the company leadership team to

    • Validate the support and opportunity for a CTO role within the company and define what success would look like for the company (via leadership team/stakeholder consultation etc).

    • Round out the picture of the future/new CTO’s work style and look at their personal SWOT (strengths, weaknesses, opportunities and threats).

    • Work with the new/prospective CTO to bring to life the “what” and the “how” of great CTOs


Co-create a “Path to CTO” roadmap (with timescales and milestones) to guide the prospective/new CTO on their leadership journey.

We suggest a short spike of 1-2 days to deliver these things followed by a periodic check-in/report of 1 day per month for 6-12 months until the CTO is successful in role. is flexible on timescales an can initiate the engagement whenever is optimum.


Interested? Give us a shout…