Me in the Mirror

Boz on Avoiding Bottlenecks

I used to work on a product called SD Elements, which did many things, but for this post we’ll just say it was a security requirements tool. There were lots of different ways companies used our product, but one I liked was as a way to help triage which projects security teams should worry about, and which ones they could safely leave alone. Some of our clients had to manage thousands (!!) of software projects. Security teams could set things up so they would be notified when certain tasks were added to a project, when projects were deemed risky, etc. This way teams building new features and fixing bugs could work unhindered most of the time, and teams tasked with worrying about security could focus their efforts on the projects that would benefit from their expertise.

I enjoyed this post from Boz that talks about this idea more generally: Bottlenecks vs Bandpass. If you have teams that are normally spread across multiple projects, who are consulted for their domain knowledge, it’s worth investing time in processes, documentation, automation, etc. that help speed up or avoid these cross-team interactions in the first place. Doing so allows for higher levels of team autonomy and efficiency: people can work without interruption, most of the time. Everyone wins.