Scrum and the FBI - dummies

By Mark C. Layton

Cyberattacks of all sorts, from credit card hacking to government and military security threats, are increasing around the world. Military and cyberwarfare experts agree that controlling this expanding threat is a major concern. Cyberthreat deterrence programs that can adapt to the ever-changing nature of these sophisticated challenges are needed — and needed fast. In many cases, it’s an issue of national security.

The FBI has been increasingly active in finding solutions for responding to these cyberattacks on a national and criminal level. Leadership knows that using old techniques for handling these uber-modern threats isn’t enough. New ways of applying technology, shaping their workforce, and collaborating with partners are required.

Not surprisingly, they’re approaching this conundrum with scrum in mind.

As published by the FBI’s Information Technology Strategic Plan for FY 2010–2015, the FBI is in fact creating

“. . . an agile enterprise with evolution toward consolidated and shared infrastructure, services and applications. As part of the agile environment, the FBI will sustain a rigid information security management program, implementing tools and processes to enhance utilization of the Enterprise Architecture (EA) through virtualization and abstraction. Strategically, the FBI will focus on fully understanding, adopting and integrating a shared services approach to IT and business challenges.”

After the 9/11 terrorist attacks, the FBI began to work on streamlining its flow of information and coordination with all relevant entities. After a couple of false starts, it developed the Sentinel program: a comprehensive software case management system. The goal is to replace a current system consisting of a mixture of digital and paper information flow with a purely digital one.

For ten years, the project was conducted using the FBI’s prescribed waterfall methods, including extensive up-front design and fixed requirements. In 2008, a new CIO, Chad Fulgham, started requiring incremental delivery from the contracted developers. Specifically, by 2010, scrum was used officially. Here are some of the symptoms of the waterfall process used up to that point:

  • Only 4 of 18 workflows were live, but with defects.

  • Less than 1 percent of the 14,000+ forms were created in the new system.

  • Cost to date was $405 million, with an estimated $350 million more to go over six years.

  • All delivered functionality was considered optional throughout the organization.

When scrum was implemented, excess staff was cut by more than 50 percent, user stories were created, and 21 two-week sprints were scheduled — an 85 percent decrease in projected schedule.

Healthcare, education, and the military and law enforcement all have one important thing in common — people’s lives: health and well-being, knowledge and preparation for the future, and security. Scrum works in each of these areas, in real lives, for real people, and for real changes for the better.