The Fundamentals of Agile: STARWEST 2015 Interview with Jeffery Payne


In this interview, TechWell speaks with Jeff Payne, the CEO and founder of Coveros. At STARWEST, he gave a two-day course titled "Fundamentals of Agile Certification."

Jennifer Bonine: We’re back with more virtual interviews here at the conference. I have with me Jeff Payne. Jeff, how are you doing?

Jeff Payne: Good, how are you?

Jennifer Bonine: Good. Jeff and I luckily get to talk a lot. It's a good chance to catch up on what you've been doing. It sounds like you're busy this week?

Jeff Payne: Busy, very busy, yes.

Jennifer Bonine: Very busy. You did an agile fundamentals class for folks?

Jeff Payne: Yes, today.

Jennifer Bonine: Today, that they spent time in. What are people still talking about in terms of that? Are they mostly people who are trying it for the first time, or they've tried it and it's not working and they need some tips? What are you seeing?

Jeff Payne: It's a combination.

Jennifer Bonine: Really?

Jeff Payne: There are certainly people who say ... because I always ask everybody up front, “Why are you here? What are you trying to get out of it?” Some people, this is new to them. They've moved into an organization. They've been told they're moving to agile. They're here to try to figure out what that means.

Jennifer Bonine: "What is that? What do I need to do?"

Jeff Payne: "What is that?" Others are doing it and are having some success, but they want to refine it, pick up some more tips, try some new things. Then there are some people who, their organization says they're doing agile and they are kind of skeptical that it's really agile. They're here to learn what is agile really.

Jennifer Bonine: And validate.

Jeff Payne: Yeah, and then figure out if we're not doing agile, how can we fix the problems.

Jennifer Bonine: Now, that two-day course for people that choose to attend something like that, at the end do they get credits or education credits or a certificate for that then, too?

Jeff Payne: Yes, they do. It's the baseline course for the IC Agile Certification Foundation's course. You get your ICP, your IC Agile Certified Professional Certificate. That allows you then to go into role-based certificate programs. We also give fifteen PDUs for PMI for either your PMP, if you're a PMP-certified project manager, or if you've taken their agile ACP, you get credits toward continuing and maintaining your certification.

Jennifer Bonine: Now for the folks out there obviously that weren't able to attend the conference, is that ever offered virtually, too?

Jeff Payne: It is.

Jennifer Bonine: A virtual session that they could attend meetings?

Jeff Payne: Yes. We hold them publicly around the country and we also do it virtual. Absolutely.

Jennifer Bonine: Great. Where would they go to get information if they wanted to look into it?

Jeff Payne: If you go to the TechWell site, we sell our training through TechWell. All of their class registrations are there. Just look for Fundamentals of Agile, that's our course.

Jennifer Bonine: Awesome. That's great to know. For those of you out there that maybe that sounds kind of interesting or like you would want to do it, that's a good place to go.

Jeff Payne: We get great response from people that come to the class, even people that have taken other training. For instance, I had a participant this week who said, "We had an organization come in and give training, and it was dry and boring."

Jennifer Bonine: Oh no.

Jeff Payne: They said, "You are not dry or boring."

Jennifer Bonine: No. Jeff's won't be dry or boring.

Jeff Payne: They're like, “I'm so glad I came. This was so good.” We get that kind of response even from people that have taken agile training.

Jennifer Bonine: That's awesome. It's good too, right? If you engage with the instructor, people tend to have a better time and they learn more.

Jeff Payne: And they interact with each other.

Jennifer Bonine: It's better.

Jeff Payne: It's very interactive. They're running case study, which keeps everybody engaged.

Jennifer Bonine: That's great, awesome.

Jeff Payne: It's a good course. I love it.

Jennifer Bonine: That's awesome. You guys know now how to get that if you're interested. Besides that this week, you also gave another tutorial on security testing.

Jeff Payne: Yes.

Jennifer Bonine: For those who may not know, you also do a lot around security.

Jeff Payne: We do.

Jennifer Bonine: That's a big topic, has been for a while, since we see all the breaches coming out.

Jeff Payne: Yes.

Jennifer Bonine: People are talking about it. What are you hearing organizations that you work with, or individuals, saying, "Jeff, help me" with right now around security? Where are the themes?

Jeff Payne: One big theme is “How do I integrate security into agile?” That's our sweet spot. I started the company thinking that I could combine my security expertise with the movement toward agile. There were a lot of organizations at the time that were saying, and papers being written, that say you can't build security-critical software with agile. Usually the reasons they mentioned were not really true. You don't document in agile. That's not true. You don't plan in agile. That's not true.

I looked at it as, well, it's not that you couldn't do it, it's just people misunderstand agile and therefore they think it's not possible. We have a lot of people who are coming to us because they're building safety critical or software security critical systems. They're trying to figure out how do we take advantage of this agile movement, get to market faster, integrate and build quality in, but we want to make sure in the process we're secure.

Jennifer Bonine: Right.

Jeff Payne: We're helping a lot of people try to do that.

Jennifer Bonine: Good theme out there for folks who are in an industry where it's more regulated maybe, or they require more around it. I hear that a lot too, right, where people are saying, "I'm in a regulated space. I can't ..."

Jeff Payne: "I can't do agile."

Jennifer Bonine: Yeah, "I can't do agile. I'm worried about my security and what's going to happen with that." What are some good resources for people that are out there saying, I've heard, “I can't”? Where would you point them to say, try this maybe, or ... ?

Jeff Payne: A couple of resources. First, we actually right now are helping a medical device company that has to go through FDA certification, get through and build an agile process that'll work inside of FDA regulation. There's a great document out there. It's called TIR 45. It was built for the medical community. It's a doc on how you can use agile practices and still meet regulatory requirements.

Jennifer Bonine: That's awesome.

Jeff Payne: But when I read it, it was really a textbook on how you should think about agile and meeting any kind of regulatory compliance types of things. We've done agile for financial companies that have to adhere to Sarbanes-Oxley or PCI compliance. We've done it with medical. We've done it with nuclear. We've done it with a lot of them. This is a great doc, whether you're in the medical field or not, just to understand agile and how you should think about things like documentation and test and traceability and the things you're going to have to provide an auditor, irrespective of who the auditor is, to demonstrate that you did a good job building your software.

Jennifer Bonine: It sounds like it. TIR 45?

Jeff Payne: 45, yes.

Jennifer Bonine: For those of you out there, if you haven't looked at it and you're in a regulated space, go look at that. You have a summit that goes on Friday this week, I think, at the event?

Jeff Payne: Yes.

Jennifer Bonine: Do you want to talk a little bit about what that summit encompasses and what happens at that as well?

Jeff Payne: It's called the Testing Quality Leadership Summit. The goal is to get people to think more about the leadership around testing and not just get stuck in the trenches. This conference focuses on great tools and techniques and approaches and processes, but it's very technical. The leadership summit is for those who are trying to take their career to the next level. They want to move into management. They want to start leading teams. They want to understand those aspects of working in an organization. We have a couple speakers coming in, people who are leaders and can share their experiences. We also do what we call think tank, which is break into small groups and solve leadership problems and discuss them amongst peers. It's a great day. It's really fun.

Jennifer Bonine: I'm betting—because I know for someone who wasn't at this event but is planning to go to one in the future—maybe they're saying, "I'm going to watch the virtual, and then if I like it, I'm going to go to a live event." When you attend those, would you say those tend to change because the participants are different?

Jeff Payne: Sure, absolutely.

Jennifer Bonine: Some of the topics are different, the group kind of collectively wants to discuss, I would imagine?

Jeff Payne: The night before we do a reception. I ask a question, which is, “What keeps you up at night? What are you worried about?” Sometimes you see common themes. There's a lot of things people are always worried about, like costs, I need to manage my boss. That's the one we hear a lot. How to hire good people and retain good people. All those kinds of things that you run into as kind of a first-level manager are things people are worried about. It's really dictated by the crowd. I take suggestions. The things that are most asked about are the topics we cover during the think tank.

Jennifer Bonine: Very nice. It's kind of fun, I bet. You see different aspects and different dynamics as you change out that group of people every time you do it?

Jeff Payne: Definitely. Hot topics come and go. A few years ago it was, "How do I manage an outsource team, an offshore team?" You don't hear that as much anymore. Either it's been figured out or we're doing less of that or something has changed, because that's not a topic that you now have top of mind right now, which is interesting.

Jennifer Bonine: Is there one you saw in the last one you did that you're thinking will probably come up again?

Jeff Payne: Certainly the last couple of years agile has popped up. Every facet of agile. We haven't had a "How do you manage the whole process?" yet, but I'm expecting to see that at some point here.

Jennifer Bonine: That's coming.

Jeff Payne: A lot of people now are talking about it. I've put together a pipeline. I'm starting to do continuous integration and continuous delivery. Now they're stepping back, saying, who owns this process? Where does it live? How do we manage it? It's becoming mission-critical, so how do we deal with that now? Make sure it's always up and available. All those kinds of things are starting to bubble around. We'll probably see that at some point here.

Jennifer Bonine: I would bet. We are already out of time. I know these go so fast. If people want to contact you, Jeff, after this session or have questions on either some of the stuff we talked about security or the agile courses for the fundamentals, what's the best way to get a hold of you?

Jeff Payne: My company's Coveros. You can get to us on the web at You can reach me on Twitter. I'm @jefferyepayne.

Jennifer Bonine: Perfect.

Jeff Payne: I tweet about stuff like this all the time. Feel free to follow on or catch up with me there.

Jennifer Bonine: Feel free to follow him. Thank you so much.

Jeff Payne: Thank you.

Jennifer Bonine: Awesome.

Jeff Payne: Enjoyed it.

Jeff PayneJeffery Payne is CEO and founder of Coveros, Inc., a software company that builds secure software applications using agile methods. Since its inception in 2008, Coveros has become a market leader in secure agile principles and recognized by Inc. magazine as one of the fastest growing private companies in the country. Prior to founding Coveros, Jeffery was chairman of the board, CEO, and co-founder of Cigital, Inc., a market leader in software security consulting. He has published more than thirty papers on software development and testing, and testified before Congress on issues of national importance, including intellectual property rights, cyber terrorism, and software quality.

About the author

Upcoming Events

Jun 02
Sep 22
Oct 13
Apr 27