🤔 Kaizen Event: +10/10 efficiency
Salute,
Earlier we looked at what DMAIC is.
Now we should consider the special tool used to achieve this goal. I will say that this is a cool tool that can be used in practice, and it also has subtlety, it can be used for artificial conflicts.
Yes, that’s right, it’s also ideal for artificial conflicts. What am I talking about? How often do you face problems of escalations, delays and a simple “I don’t want to”. So, if this is used in the right way and with the correct approach, then this will allow you to achieve your goal without any negative consequences.
Before that, I suggest you remember what DMAIC is:
An approach used in production management. It allows you to consistently solve problems and improve business processes using quantitative and qualitative metrics
Consequently, we all know and have heard many times about things that change the culture (you can say that we say, but in fact no one gives you something that works) within the team and the company, and you can influence it, only I give you a tool and ask you to be careful with it. By the way, not only metrics allow us to assess growth and solve problems.
Why are we looking at this?
Look, when a team or a new product is formed, there will always be a zone where people are dissatisfied with each other or unhealthy competition arises, or authority is questioned and this shows a real management problem.
Kaizen Event is just about achieving results and changes that are really effective and provide indicators in a short time.
It's essentially a focused improvement sprint where the team pauses the world for a few days to make one specific process better. Not “optimize everything”, but remove the real
How does this work
- Choosing a point of pain: what interferes most often? problem of recurring vulnerabilities due to version rollbacks? Falls? Eternal queue during scans? By-pass IS quality criteria? We take the most annoying place and hit it there
- We measure the current state using quantitative and qualitative characteristics: the average time for checking an assembly is 19 minutes. We want 12. Or a long triage of vulnerabilities - we automate the monitoring of ASPM indicators and create unique policies for the project
- Let’s look at the root cause: why does this happen? Process? Not understanding what they are doing? Sawing tools? This is where insights are born, and we also see what we can fix and go to negotiate.
- We make improvements immediately without endless tickets and meetings.
Got ready → done → checked
- We consolidate the result, as an example, we create a new standard, metric, automation and ID - so that the improvement does not dissolve in a month
Why does Kaizen Event really work?
- Focus on specific pain, not everything in a row
- Quick results → increased engagement
- The team feels that they can change the system and they mean something, their competencies and the corresponding cost grow, and not just “work according to the process”
These Kaizen sessions work great on topics like:
- Reducing the time of pipeline checking and receiving callback from analyzers with results based on metadata such as the number of vulnerability densities
- Optimization of rules for SAST/SCA, automation of scripts for DAST and more
- Acceleration of triage of falls based on grouping
- Risk analysis for vulnerabilities that will actually affect the system
- Setting up feedback between security and development
- Implementation of Security Champions and DevSecOps processes
Total: a couple of days and the process that was pissing everyone off suddenly starts working smoothly, the current problems are sorted out, and the conveyor is installed. This is Kaizen: not about revolutions, but about daily micro-explosions of efficiency.
Well, yes, the conflict itself is escalating due to the fact that the problem is highlighted and we talk about it. A common problem is that involvement is only after problems have escalated, but fortunately this is controllable and we can work with it.
#pmi #devsecops #riskanalys #roadmap #pmcases #humanres