The Business of Privacy

University economics classes provided me with some great terms, like “negative externalities”. A negative externality is a cost suffered by a third party to a transaction. Group A is producing widgets for Group B, but dumps expensive-to-clean up waste into a river of drinking water that Group C uses. Group A produces for a lesser expense, Group B gets the benefit of that production, but Group C bears the cost. That’s a negative externality.

There’s two basic ways we, as a society, deal with those issues. We can accept them, or we can seek government intervention. The basics of a business education suggests that government exists to provide a framework and level playing field for market participants. Government is the only entity with coercive powers. In the United States, this power is expressed through both legislation and the court system. Either can impose penalties for failure to live up to standards. Regulation isn’t “bad” or “good”, it just changes incentives for different parties, hopefully resulting in fairer outcomes for all stakeholders.

It is understandable how Equifax, as a company, had loose controls. There is a constant drive to reduce IT costs, even for companies in the business of information. Do more with less can strip IT departments of both personnel and knowledge in a race to the bottom; do enough, and just enough, to conduct business and no more. In all, Equifax had few incentives to be responsible in a data breach that affected nearly every adult citizen of the United States. The current environment has been favorable to deregulation of business. Third parties, which includes every person who had their personal data exposed, have no power and were therefore not considered when making company choices. While this is understandable, it is not acceptable.

My interest in privacy and security is rooted in my interest in ethics, and I want to inspire you to share that interest. Business leaders must be responsible and accountable for the actions of the organizations they lead, and we must give our people and projects an ethical framework to do business in. It is essential that we be good corporate citizens, and live up to the trust that society has placed in us.

Manage your Mythology

It’s no secret that Bioware’s 2003 Knights of the Old Republic renewed my interest in Star Wars. My office contains a tasteful collection of photos and memorabilia. It surprises coworkers who visit for the first time, breaking the ice, and often starts a conversation. People will smile, and tell me a story. I’ve learned a lot of things that way. One coworker reflected on how he loved Star Wars as a child, and was thrilled to share it with his own children who likewise loved it. Another coworker’s daughter has a ForceFX lightsaber – I know, since her dad liked mine and bought a boxed one from my collection as a present. A young coworker from China was a fan of Star Wars, and is now my friend, because of our mutual journey “to be Jedi, not dirt-farmers on Tatooine.” My office serves a purpose, putting people at ease and giving us something common to relate to.

In the days when my company was occasionally referred to as “the evil Empire”, everyone recognized my tiny super-charged sports car:

That was both good and bad. Image has both connotations and complexity. The license plate was a good display of humor and an interesting talking point (“You’re Darth Loren? Wow, I was expecting someone taller!”), but also associated with, literally, the Most Awful Guy in the Galaxy. Should everyone’s first impression be that they’re going to be subject to “aggressive negotiations”? No, better to be known a Jedi Knight who was revered for restraint, wisdom and dedication. That’s the sort of person people want to work with. It’s not just what you’ve done, it’s what people think you’ve done.

That transformation took time. The company changed, I changed with it. I learned and grew. I sold that car, but it took time for people to forget SITHLRD, and see THEJEDI instead. That’s why I titled this article “Manage your Mythology.” You need to be thinking of the image you put forth, and how your actions influence perception. It’s not just the story you tell, but the stories that are told about you.

Consider, do you always say what you’ll do, and then do what you said? Do you honor agreements you’ve made, even when it turns out they disadvantage you? Are you helpful, willing to go the extra mile to lend a hand or freely offer knowledge that might assist? Do you do simple things, like smile and say hello at the coffee station? Contrast that striding into a room in black armor, announcing that you are there to get things back on schedule! Yup, that makes a lasting impression; nope, it’s not the reputation you want to have.

So here are some tips and thoughts about managing your mythology:

As you tell your story to others, something I was told to consider was to the effect of, “will you get caught out and will anyone care?” By this, it’s meant you are welcome to tighten and brighten your story, but it should be true. Consider “my friend Sue and I got ice cream, and you can’t imagine what happened next!…” Well, Joe was there, too, but he’s not part of the story. Will anyone care? Probably not. Contrast that to Milli Vanilli controversy. That had to be pretty humiliating, but was entirely preventable. Never lay claim to things you didn’t do, and correct misconceptions quickly before they snowball.

ABCD – Always Be Continuously Discovering. There are so many interesting things in the world. Learn. Grow. Follow your passions. Pick up new skills. Share your knowledge. If you find something you’re interested in, learn about it. The more you are curious, the more you discover and the more interesting you are. Maybe you have an interest in construction. That can lead to new opportunities for you, and new stories about you. “Hey, yeah, I know Jeff – we volunteered together building houses for the homeless! Great guy!”

Recognize and thank people for their contributions. I would like to sincerely thank you for reading this article. I am passionate about project management and mentoring. I am thrilled that you are seeing these words. Thank you. I appreciate your support.

Networking is important. Aside from myths about LinkedIn and some ideas on how to use it, two things to consider. First, be interested in someone else’s story. You never know what interesting thing you might learn. For example, I’m a licensed bartender. Bet you didn’t see that one coming – and it’s true! 🙂 Second, just like interviewing, it’s never about what someone can do for you – it’s always about what you can do for them. Did you find out someone has teenager who plays guitar? Do you know the owner of Seattle’s greatest guitar store? Maybe there’s a connection here!

The internet never forgets. I searched myself and found a letter I’d written to PC Magazine when I was maybe fourteen years old. FOURTEEN. People have destroyed their careers over errant Twitter comments. Or doing questionable things during a conference. The world has changed. If you’d be embarrassed to have something on the front page of the New York Times, don’t do it and definitely don’t publish it. Always be on your best behavior, always be just and ethical. It’s important because you never know when something is being recorded for the world to see.

Be positive. Learn how.

Some people will call all this “managing your brand”. That’s legitimate, but a “brand” doesn’t resonate with people. A story will. Components of that story are your professional image. CBS has a good article on that. Here’s another from Forbes. And another two articles, one here and one here, on managing image. The image you project, the things that you do, become a “brand”, and that brand comes alive in the stories you and others will tell about you.

Neil Gaiman has spoken about the importance of stories. Once we are gone, stories are all that remain. Make sure that you not only tell good stories, but that good stories are told about you. Manage your mythology.

Privacy and Projects

“Scientia potentia est.” Thomas Hobbes, Leviathan

“Power tends to corrupt and absolute power corrupts absolutely.” Sir John Dalberg-Acton

Knowledge is power, power corrupts.

Economics classes point out that information is needed for rational decision making, and rational decisions result in the efficient allocation of resources. What happens, though, when one party has information that the other doesn’t? Suppose you bought a house that the owner knew had toxic mold problems but failed to disclose? The seller walked away with more money than would have been possible had information been disclosed, not only an inefficient solution, but one that most people would label unfair. No one would willingly pay more than something is worth to them. Knowledge is power.

The power of private and personal information has been used to impact lives all over the world. It isn’t just a potential. The United States Supreme Court nomination of Robert Bork was upended by his video rental history. Identity theft cost the US $15B in 2014 and 700,000 stolen tax returns in 2015. In World War II and elsewhere, information cost lives.

Privacy matters.

You, your projects, and your company must take privacy into account. This is an article on basic principles. There are also numerous articles to help convince a team that privacy matters. For example, this one on LinkedIn, this one from Santa Clara University, this one from The Atlantic, or this one on a blog. There are resources available from the International Association of Privacy Professionals. Privacy is an ethical obligation. Even if it wasn’t, consider the sanctions that can be levied by the European Union’s General Data Protection Regulation laws for failing to meet requirements.

Remember, information you don’t have, you can’t be forced to disclose or accidentally leak. Information you have, you also have an obligation to secure and protect. When you collect it, you must state for what purposes you will use it and then comply with that statement. Information belongs to the individual, and it’s their right to ask for it to be corrected or deleted. It’s really just that simple.

This article started with two quotes, and finishes with another:

“If you can’t be a good example, then you’ll just have to be a horrible warning.” Catherine Aird


Never Miss a Date!

You can make every software development project successful.



Here’s the secret: Apply PMI’s project management knowledge areas.

It’s that simple.

I’ve been in software development since before high school, and have seen every type of success and failure imaginable. Maybe your project isn’t year-long, involving 200 people across many countries with a budget of a hundred million dollars. Maybe it’s five developers in a basement for a couple of months. I don’t know the particulars of your situation, so I couldn’t do the business analysis necessary to suggest one development methodology over another. Instead, I’m suggesting that the application of knowledge will make your projects better in general. If you understand these knowledge areas, and understand them well, you will understand what trade-offs you are making in your process and projects. That will enable you to better direct your projects to successful outcomes, regardless of the size of your project or development methodology you choose.

In order, the top ten reasons for failure, in order of importance:

  1. Communication Management – Three articles on communication so far. That wasn’t an accident. Projects, first and foremost, live or die by communication.
  2. Risk Management – The solution has been architected, coding has progressed, things are looking good, however the implementation can’t be stabilized. Review indicates a different architecture must be chosen. The schedule is blown, the budget is gone, the project fails. The qualification and quantification of uncertainty is what risk management is about. Every project I’ve seen that failed to “make its dates” had no risk management strategy. It’s not only identifying risks, it’s actively communicating and managing them in a timely manner. A good risk plan will save a project by stating what conditions it will trigger and how act appropriately to manage the impact. Think of it as carrying an extra set of batteries for when you take photos on vacation. Batteries die? No problem! You have another set. Yup, it cost a little money – but documenting your vacation experience is priceless.
  3. Time Management – The usual cycle is for managers to look for estimates, wring every bit of “buffer” out of estimates (the estimator’s attempt to manage uncertainty, which is to say risk), then create a ship date. Has this ever produced an on-time project? Not that I’ve seen. A schedule is a map of the project. It contains all activities (scope), resources to complete (cost), and when those resources need to do the work (time). Failure to create a realistic schedule, then failure to manage against it, cause project failures.
  4. Integration Management – This failure happens on two dimensions. The first is the organization’s leadership doesn’t believe that they need any project management, so either fails to have a project manager or fails to listen to an experienced project manager. The second version of this failure is assigning a project manager who doesn’t have the knowledge or skills to do the job. “You’re great at laying bricks, Bob – we’d like you to manage the construction of our next building.” Unfortunately, Bob is great at bricks, but doesn’t know anything about monitoring and controlling a project.
  5. Scope Management – As the project progresses on an agreed plan, things get added – hey, it should be a simple fix to allow users to change background colors, right? Sure! Scope is everything you’re going to do, and, inversely, everything you’re not going to do. Poor change control, along with an unwillingness to adjust either schedule or cost baselines, results in failed development projects. Every accepted change changes the whole project; have a change control process. Reject scope when appropriate, or accept and re-plan other aspects of the project.
  6. Stakeholder Management – The project was completed in record time, and is ready for implementation. The IT director is assigned the job of deployment and says, “Hey, wait – this won’t work. Half our users are only intermittently connected!” There are basic questions for the start of every project: Were all the stakeholders enumerated? Where their needs and requirements considered? What is the urgency of solution delivery? Failures in this area causes work products to be rejected. Scrum tries to control for this with a product owner who is the source of requirements, but also assumes the product owner has done the right business analysis and thoroughly understands all other stakeholders. If the product owner isn’t a business analyst, you’re probably doing it wrong.
  7. Cost Management – A project merrily moves along, assuming full dedication of all personnel. The reality is that developers are often assigned to many different projects. Managers often fail to account for that and consequently over-allocate developers. Part of that is failure to account for the productivity loss in context switching. Also, managers wrongly assume their project is top priority. Just because it is important to YOUR career doesn’t mean it’s important to someone else’s! Adding more developers doesn’t necessarily mean a project gets done quicker, even if those developers are more senior. As the number of people go up, more work is lost to the “friction” of working cooperatively.
  8. Quality Management – Yup, we wrote a lot of code. Too bad it doesn’t work in integration. Guess we should have planned for that. A quality acceptance plan is important to ensure a development project meets the goals that are set out for it. It can also be a check against gold-plating.
  9. Procurement Management – Okay, okay, stop me if you’ve heard this one: Manager throws out an RFQ, picks the lowest quote, and three months later gets something that doesn’t remotely resemble what was expected. There’s a whole process for managing procurement properly. Not every project has a procurement component, but if one does, it is essential to manage it properly.
  10. Human Resource Management – Each part of this list has started with a dreary failure. Instead, let’s talk about success. A couple years ago, Avengers was a popular movie. I held a “bug smash” (“bash” == “finding”, “smash” == “fixing/resolving”) for one of my teams. It was Hulk-themed, as in “HULK SMASH!” A twice daily report went out recapping the contest, morning and night, for a week. We gave out $50 gift cards along with Hulk-themed prizes for most bugs, most severe bugs, most code reviews completed and most helpful as nominated by peers. It was the most fun we’d had all summer and a good team building exercise. Be a source of motivation and inspiration, and celebrate success with your team.

There you have it – your spell book for success. Go study, then be successful.

Skill and Genius

I never really know what to say when I meet famous people.  It’s awkward.  I mean, we’re complete strangers, but I often know weird and interesting facts about them – that seems uncomfortably invasive.  For actors and writers, I’ve now settled on a simple autograph moment, “I enjoyed your work; thanks for sharing.”  It’s one thing, however, to appreciate skill, but another to appreciate genius.  I’m going to define genius as someone who blends multiple, unrelated skills into a single package that seems marvelously and magically unique.

Paul Reed Smith visited The Seattle Guitar Store in July 2015.  I heard in person some of the stories I’d watched online.  When it was my turn to get my guitar signed, I was so beside myself that I put my guitar case on the counter upside down.  Why?  I’d been reading about PRS Guitars since I was young, long before I could afford one, and here I was meeting The Man Himself – and he is a genius.  His guitars are, literally, like nothing else I’ve ever played or heard.  It’s just not the wonder that are his instruments, it’s the unusual blend of skills that got him to where he is.

What makes Paul Reed Smith a genius?  It is abilities and skills he both possessed and developed.  He started repairing guitars and determined his passion was to build them.  It’s not enough to just build guitars, you have to sell them.  He developed sales skills, pitching them to artists, with his big break coming up when Santana bought one.  To be able to scale meant learning about manufacturing and the business of manufacturing (“If you make 8% in manufacturing, you’ve had a pretty good year”).  He became an expert in marketing, creating a set of differentiated product price points for every budget. He sought mentors in the great builders of guitars to perfect his craft.  He became a better musician along the way, providing even more insight into making guitars. Most of all, the thing that sets him apart from other luthiers, is that he is an engineer and a scientist.  His quest is to understand what makes an instrument great, to know what physical qualities make an instrument special.  He creates a hypothesis, tests against it, and incorporates what he learns.  Year over year, you can see the evolution in the resulting instruments.  I’m passionate about clever engineering and, as far as I know, that engineering skill is unique among guitar builders.  Musician, manufacturer, engineer – an unusual combination.  His passion was building guitars; his genius was in building them better at scale, creating a $40M company renowned for quality and sound.  He did it by constantly learning, constantly improving, constantly developing new skills.

The photographer at is a *genius*. Check those folks out.

What does integration of all those things looks like?  Look at the guitar on the right.  Beyond the masterful photography that highlights its beauty, it is an amazingly figured piece of maple that is unlike any other I’ve seen – look at how the grain on the horn points to the center.  Why are PRS guitars almost “too pretty to play”?  I can nearly hear Paul Reed Smith’s thoughts:  If you see it, and it’s pretty, you’ll want to pick it up.  If you pick it up, you’ll want to play it.  If you play it, you’ll hear the sound.  If you hear the sound, you will buy it.  It starts with how it looks.  If you have any doubt, watch Rob Chapman try to talk himself out of a guitar that sounds wickedly good in his hands… because of the looks!  Paul Reed Smith got it exactly right.

I write about project management, but to be successful, you are going to need to do and be more.  Although it’s said that project managers don’t need to be subject matter experts, to have a career, it’s essential to think of the full range of talent and skills you bring to the table.  What insights do you have that make you unique?  What can you dive into deeply to provide value?  What new things will you learn to maintain marketability beyond your employer?  What synthesis of things make you a genius?

Answer those questions and maybe your next introduction to genius won’t be awkward, because you’ll look in the mirror and that genius will be you.

(If you’re curious, here are some additional links about Paul Reed Smith, with the last highlighting my awkward connection to Andertons…)

Hello, Dolly! Using the Right Tools

Ever change a tire? How much work is it to carefully wrestle a wheel onto its car mount, avoiding banging the calipers or rotors? If those wheels are nearly a foot wide, 27 inches in diameter, and weigh nearly half of what you do – quite a lot! Faced with the problem, I bought a wheel jack – Dolly. With the car on jack stands, Dolly works perfectly to remove one wheel, move it, place another wheel on the Dolly’s rollers, align it to the mounting bolts, and gently place the wheel on the car. This simple tool makes the whole job of swapping tires much less of a chore.

Normally, four wheel jacks are used to lift and move a car. This can be handy if you’ve removed the engine, or if you have a large garage and want to tuck the car a corner for storage. Seeing wheel jacks in use, however, gave me (and apparently many other people) the idea to use one to change tires. Using a single wheel jack to change a tire isn’t the primary use case, however, once you’ve done it, it seems obvious – but my dad, who first taught me about cars, never showed me the trick!

Having learned a trick that works for this job, is a wheel jack the right tool for all jobs? Of course not. Just as there is no one tool for every job, there is no Excalibur to make you Ruler of All Great Projects. Rather, if you know process groups and knowledge areas well, and therefore how to effectively run a project, you can decide what to optimize for in your projects. In software, the quest is not for “the single, best software development practice for ALL projects”, but rather “the single, best software development practice for THIS project.”

Think of it this way – knowledge is your tools. Knowing how and when to creatively use tools to best effect is what makes a craftsman or artist. The process of sizing up the problem provides the insight on how to resolve it. When organizing a development project, it is essential to understand the requirements and constraints, both from your organization and your customers, and then create the best development practices for that specific product and project. Sounds a lot like business analysis, doesn’t it?

Let’s consider organizational requirements and constraints. Two areas to consider is what the PMBOK® calls “enterprise environmental factors” and “organizational process assets.” Enterprise environmental factors are the company culture and existing systems that the project can make use of – or will have to deal with. You could substitute the word “baggage” and get most of the idea. “How we’ve always done it” might help or hurt your project, making it essential to ask questions and review basic assumptions. Organizational process assets are existing process, procedures, and historical information – do you have a bug tracking database you can review? A build system already in place? Other projects to compare? Can you take advantage of process assets to benefit your project? What assets could your project contribute to others?

Think about your development team. Is it one developer or hundreds? Are they in one place or geo-distributed? How many languages and cultures are involved? Is it one unified team or many disparate teams with different managers and goals? Is the team fixed for the duration or the team members rotate and change over time? Is a single company or many companies involved? The team and resources available shape the development project, and shape when and where you’d use traditional or agile methodologies. Planning to use Scrum in a large monolithic, complex, tightly coupled and not well-documented Version 1.0 design with a global team of hundreds across multiple companies? Well, have fun storming the castle!

Customer requirements and constraints are the other influence. Customer requirements will not only define the product, but how you produce it. Whether your product is an embedded system or a cloud application dramatically changes how it can be serviced. Is the product consumer or enterprise? One user or hundreds of millions?  Single installation or high volume on many platforms? Are there legal or industry (healthcare, finance, government) considerations? Is the software free or cost millions of dollars? Is the product a simple game or mission critical avionics? Answers about customer requirements for your product will inform how to optimize your development process. Reliability/quality vs. velocity is an important balance, and needs to be determined by customer expectations and use cases. Software quality issues can be trivial. The “exit seat position” feature in my car has an “arrays start a zero!” bug – it means the seat doesn’t quite return to preset driving position, so I don’t use the feature. For another application, however, software quality issues can be extremely expensive – or even deadly.

There are gotchas in the process.  Micro-optimization can cause poor decisions. If the company produces a million cars, and instead of using a $2 switch per car, you substitute a $1 switch, you’ll get a pat on the back for saving the company a million dollars. If, however, those $1 switches have a MTBF of one year, instead of ten years for the $2 switches, you will cost the company three million in warranty costs (assuming the cars have three year warranties), plus reimbursing dealership labor (which will easily bury the cost of the switches). Also, data-driven decision making can cause difficult-to-metric costs to be ignored or trivialized. Loss of customer trust and goodwill can be devastating, but hard to quantify.

To summarize, project management knowledge is common regardless of the project – but the techniques and details of execution in software development can be very different. Traditional or agile, know the fundamentals, then make intelligent optimizations to meet business and customer goals.

For another take on this topic, read “The Right Way to Ship Software”.  For a story of development gone wrong, read a story about a video game.  You, like me, probably have some genuine empathy for those folks, along the lines of “Oooooh, ouch, yeah, I remember something like that.”

Doing The Right Thing

“Once you start down the dark path, forever it will dominate your destiny.”

That quote from Yoda in The Empire Strikes Back has two meanings. The first, and clear, meaning is that once you start justifying bad acts “for the greater good,” when will you stop? As time goes on, you will justify more and more questionable acts. The ongoing risk-reward calculus blinds you and normalizes bad behavior. The second, and subtler, meaning is once you have a reputation for heinous deeds, it will follow you. No matter how many “good” deeds you do, a single “bad” deed will be remembered. It damages the trust others have in you. People will expect you to behave unethically, and will act accordingly.

What can you derive from this? Ethics. Matter.

The popular news is filled with examples. How do you feel about Volkswagon right now? The $2.8B in penalties and resignation of executives is the least of their trouble. How about Uber? Issues with the company’s culture and ethics have leaked out, forcing change. Turing Pharmaceuticals and the behavior of its former CEO?  My guess is that no one in business is claiming to be that guy’s friend. These are just recent examples. There are many, many more.

The root of many intentional and unintentional lapses is the pressure to perform.  Do it faster, cheaper, or with fewer resources – make more money.  These values can become such a part of a company’s culture that individuals are strongly incentivized to short term gain.  It’s false economy.

Unimpeachable conduct has its benefits. An article in Bloomberg suggests that ethical companies are stronger and last longer. The Wall Street Journal suggests that companies perceived as ethical don’t reap premium prices, but that companies that are perceived as unethical are forced to sell at a steep discount. Forbes points out it is easier to be ethical than unethical.

The message should be clear. It is best to not only avoid impropriety, but the appearance of impropriety. Reputations are hard earned and easily lost. Ethical lapses can have both civil and criminal consequences. Winning at all costs is not winning, it is just the slow and inexorable deterioration of your professional integrity.

Today’s message is to encourage you to really think about ethical behavior and implement in your daily dealings.  Company culture starts with every individual.  Lead by example.   Don’t wake up one day in a black mask with a breathing problem, and wonder “How did I get here?” Instead, be honest and ethical until it is just second-nature.

Yoda: “Once you start down the dark path, forever will it dominate your destiny, consume you it will, as it did Obi-Wan’s apprentice.”
Luke: “Vader… is the dark side stronger?”
Yoda: “No, no, no. Quicker, easier, more seductive.”

Wise words!

(Disclosure: I work for Microsoft Corporation. Microsoft has a clear, and unambiguous, statement about business conduct. It has yearly training for all employees to reinforce that company culture. As a manager and mentor, I’m a passionate supporter of these policies.)