Lion van Koppenhagen


About this site
This blog — sometimes known as my "Braindump" — is my platform for experimentation and community interaction. It is a way of offloading thoughts.

Welcome to the third part in my series about legolizing software development. In this third part of the series I selected this essential (by design) element first because I, just like most of us working in the software industry, perceive it as an additional burden.

To prevent my own prejudice clouding the subject matter, I asked a friend from my college years, Tony Lemmers, Data Protection Officer, to join me as a co-writer exploring this topic.


With the new global emphasis on privacy and the legal consequences of non-compliance, we do not have the option to fail fast, learn fast, we can’t get away with a number of 9s, because the penalty on failing might sink our business. In theses political uncertain times, defending privacy is paramount to the success of every enterprise. The threats and risks to data are no longer theoretical; they are apparent and menacing. Tech decision makers have to step in-front of the problem and respond to the challenge. Privacy by design is part of the high-level design of software systems, with emphasis on the system’s structure and the non-functional requirements it needs to meet.

Privacy by design (PbD) is a policy measure that guides software developers to apply inherent solutions to achieve better privacy protection. For PbD to be implemented successfully, it is important to understand developers’ perceptions, interpretation and practices as to informational privacy (or data protection).

We’d like to share our lessons learned about architecture, development environment, security considerations and privacy considerations with you. We will also explain some issues we stumbled over and what solutions we chose to solve them.

In the first part of our exploration on the subject, we start off outlining the two main elements in this exploration:

  • Cultural change
  • Non-functional requirements

Cultural Change

Analysis of the way of working in projects in the past revealed an interplay between several different forces affecting the way in which developers handle privacy concerns.

We discussed and analyzed the cognitive, organizational and behavioral factors that play a role in developers’ privacy decision making. We identified three key elements:

  • Our findings indicate that developers use the vocabulary of data security to approach privacy challenges. This vocabulary limits their perceptions of privacy mainly to third-party threats coming from outside of the organization;
  • that organizational privacy climate is a powerful means for organizations to guide developers toward particular practices of privacy;
  • that software architectural patterns frame privacy solutions that are used throughout the development process, possibly explain developers’ preference of policy-based solutions to architectural solutions.

Framing these findings leads us to the factors that can influence developers’ privacy practices and allows us to use them as a guide for working toward a more effective implementation of PbD.

Non-functional requirements

A Non-functional requirement (NFR) specifies criteria that can be used to judge the operation of a system, rather than specific behaviors. The plan for implementing PbD NFRs needs to be detailed at the start of designing the basic system architecture, because they are architecturally significant requirements.

The general believe is that the GDPR forbids a lot of things. This is not the case. GDPR mainly requires us to think before acting. The same is the case for development. Here are some simple steps to aid in this process.

  • Do you need PII (Personal Identifiable Information)?
    If for example you need to know whether a user of your application is older than, let say, 18 years. You could ask for his/ her birthday but that is PII. Is is better and simpler to ask ’Are you older than 18 year?’
  • Which legal basis do you use to gather the PII?
    GDPR offers six possibilities here;
    – Performance of a contract,
    – Compliance for a legal obligation,
    – To protect the vital interest of the user,
    – Public interest,
    – Legitimate interest,
    – Consent
    In software development, performance of a contract or consent are the bases that are most used. Of these two consent is the weakest because it can be withdrawn at any moment and has to be presented in a clear and easily accessible way.
  • Only gather the PII you need and have a basis (see point 2) for.
    When you need someone’s address because you’re sending them something it’s not necessary to ask about gender. The package will get there without knowing the gender and you have minimized the PII you gather on someone. Also if you have less information on someone there is less to protect, store, etc. .
  • You can use the PII you gathered on someone only for the purpose for which you gathered it.
    There is an exemption on this, if a new purpose is similar to the original purpose, than it is allowed, otherwise this is one of those few things that are forbidden.
  • Take care that the PII you have is up-to-date.
    This is not only useful for yourself but also a requirement from the GDPR. So ask your users on a regular basis (once a year) if there data is correct. Not only to comply with GDPR but it is also good business.
  • PII is like money, so protect it the same (or better) way as you would protect your money.
    This protection should both be technical (separated databases for PII with better encryption and pseudonymization) but also organizational. This means the people should only have access to the PII they need access to and that there should be access controls in place. The first fine which was given in the Netherlands was for the lack of good access control by a hospital.

This concludes our introduction to PbD. Feel free to contact us if you feel we can be of help.

This article is part of a series of articles themed Legolizing software development. I will post more on my site, follow me on linkedin or facebook if you like to read more.

Individuals and interactions over processes and tools

Agile manifesto

Agile is all about mindset and culture yet still in many transitions applying this primary value is overlooked for the agile transition itself. In general, a transition strategy, including organisational changes and process definitions, is communicated after it has been decided on somewhere in the organisation. Now if we accept an agile transition is a project and we look at the following agile principle;

Build projects around motivated individuals.
Give them the environment and support they need,
and trust them to get the job done.

Principles behind the Agile Manifesto

It isn’t that hard to understand that we missed a step. Unfortunately it’s a crucial step, it’s the difference between doing Agile and becoming Agile.
Lucky for us, that step was already defined long before the Agile Manifesto, it is the Community of Practice.

The Community of Practice

Communities of practice provide a model for connecting educators in the spirit of learning, knowledge sharing, and collaboration…

Cambridge, Kaplan & Suter

What is a community of practice?

  • A community of practice (CoP) is a group of people who share a common concern, a set of problems, or an interest in a topic and who come together to fulfill both individual and group goals.
  • Communities of practice often focus on sharing best practices and creating new knowledge to advance a domain of professional practice. Interaction on an ongoing basis is an important part of this.
  • Many communities of practice rely on face-to-face meetings as well as web-based collaborative environments to communicate, connect and conduct community activities.

Why communities of practice are important

According to Wenger (1998), communities of practice provide five critical functions. They:

  • Educate by collecting and sharing information related to questions and issues of practice
  • Support by organizing interactions and collaboration among members
  • Cultivate by assisting groups to start and sustain their learning
  • Encourage by promoting the work of members through discussion and sharing
  • Integrate by encouraging members to use their new knowledge for real change in their own work.

Communities of practice are important as a professional learning strategy, because they have the potential to:

  • Connect people who might not otherwise have the opportunity to interact, either as frequently or at all.
  • Provide a shared context for people to communicate and share information, stories and personal experiences in a way that builds understanding and insight.
  • Enable dialogue between people who come together to explore new possibilities, solve challenging problems, and create new, mutually beneficial opportunities.
  • Stimulate learning by serving as a vehicle for authentic communication, mentoring, coaching, and self-reflection.
  • Capture and share existing knowledge to help people improve their practice by providing a forum to identify solutions to common problems and a process to collect and evaluate best practices.
  • Introduce collaborative processes to groups and organizations to encourage the free flow of ideas and exchange of information.
  • Help people organize around purposeful actions that develop tangible results.
  • Generate new knowledge to help people transform their practice to accommodate changes in needs and technologies. (Adapted from Cambridge, Kaplan & Suter)

The professional learning needs of educators are changing. Communities of practice offer a robust strategy for professional learning. Here is why:

  • Complex problems require more implicit knowledge, which cannot be codified.
  • Implicit knowledge can only be shared through conversations and observation.
  • Collaborative and distributed work is becoming the norm.
  • Knowledge sharing and narration of work make implicit knowledge more visible.
  • New ideas come from diverse networks, often from outside the organization.
  • Learning is part of work, not separate from it. Communities of practice enable the integration of work and learning.

The value of communities of practice is in the depth of participants’ reflection and inquiry, and how they put co-created knowledge to action.

Success factors

Wenger has identified a number of factors that contribute to the success (and failure) of communities of practices. His ‘top three’ factors include:

  • Identification: Communities of practice thrive on social energy, which both derives from and creates identification. Passion for the domain is key. This makes the clear identification of the domain a critical success factor.
  • Leadership: A key success factor is the dedication and skill of people who take the initiative to nurture the community. Many communities fail, not because members have lost interest, but simply because nobody has the energy and time to take care of logistics and hold the space for the inquiry.
  • Time: Time is a challenge for most communities, whose members have to handle competing priorities. Theoretically, time should not be an issue if the interest is there, but practically it remains a constant challenge. Because time is at such a premium, a key principle of community cultivation is to ensure “high value for time” for all those who invest themselves.

The research describes a number of factors for success including:

  • Identifying a domain that energizes a core group
  • Recruiting a skillful and reputable facilitator
  • Tapping into the expertise of local and international experts
  • Addressing details of practice
  • Establishing the right rhythm and mix of activities
  • Having visible support of organizational leaders, but without micro-management
  • Accessing adequate resources in order to reduce barriers to participation.

The research also identifies these additional factors that contribute to a successful community of practice:

  • self-governance
  • a sense of ownership
  • the level of trust
  • recognition for contributions
  • high expectations for value creation
  • organizational support
  • connection to a broader field
  • interactions with other communities

In conclusion

Looking at the elements of the Community of Practice and how they match the mindset of the core agile values I hope this can help you leading successful transformations.

If you would like to know more or need help, feel free to reach out.

In almost all industries designers use standard parts. These have been extensively tested and have proven in practice that they do not have hidden defects. This is still not the case when designing software. Design based on components is still stuck in its infancy. There are plenty of standards, but the blocks do not fit together well. This post explores an approach forward using the Lego Analogy.

The Lego Analogy

Lego is a great analogy for understanding the importance of standards. Lego have been making bricks (Lego calls them elements) since the late 40s. It took them a little while to perfect their designs. But since 1958 they’ve been manufacturing bricks in the same way, to the same basic standard. This means that you can take any brick that’s been manufactured over the last 62 years and they’ll fit together.

A commitment to standards maximises the utility of all of the bricks that the company has ever produced.

If you look across all of the different sets that Lego have produced, you can see that some basic pieces are used very frequently. If you ask a Master Lego Builder for a list of their favourite pieces, you’ll discover the same.

Now if we would do the same for software development, what would be the list of elements our Master Software Builder would always need? What do we have to design?

Design still happens

Moving away from Big Design Up Front (BDUF) to Agile does not mean letting go of design all together. We need context or guardrails as some might call them. When less is more, we need insights into definition, features and benefits of minimalism applied to basic elements.

In this post we embrace the new IT and take a generic microservices architecture as the starting point. APIs are an incredibly valuable tool – they unlock data, increase agility, encourage innovation and speed up time-to-value.

This brings us to our first element, the API Catalog. Even though we can develop and reuse without a catalog, developers might create the same or similar APIs multiple times because it was not known that there is already an implementation existing. And that’s just the inside perspective. What about somebody from outside your organization looking for a smart way to integrate and connect with your business? Who to call, where to search, where to ask a question? Usually, this leads to people going to different places in order to solve their requirements.

Our first element, The API Catalog, is the Master Builders list of basic elements.

Which are the basic elements?

This is a question I cannot answer for you. The collection of basic elements is defined by the needs of your organization. This is why a strategic approach to APIs is vitally important to your business. It’s not up to me to decide what should be in your toolbox.

Think about creating a pool of resources generic enough that they can be applied to different projects. Reusing capacity improves efficiency and effectiveness, all the while reducing costs and increasing the potential return from projects.

Principles that should lead you to the elements essential to be in the catalog are:

  • Security by design
  • Privacy by design
  • Telemetry by design
  • Testing by design
  • Scalability by design

Failing to take any of these principles into account will lead to high refactoring cost in the future. Using these principles you can land and expand. Always keeping the big picture in mind but build for immediate use. Build simple blocks and have the teams decide which next block would add the most value.

This article is part of a series of articles themed Legolizing software development. I will post more on my site, follow me on linkedin or facebook if you like to read more.

Isn’t it time to move from hindsight to insights?

In the era of the smartwatch we find it normal to know about ourselves with literally a flick of the wrist, we call it quantified self. Isn’t it time to really move towards the quantified organization, to Fitbit your organization?


We read about big data, data driven decision making and business intelligence everywhere, buzzwords enough, but when it comes to reality we only use it in hindsight.

These days, if I walk into an office, I get an immediate answer when I ask a manager about sleeping patterns or heart rate. However, if I ask about the performance of the main value streams or delays in those value streams, I’m usually directed to the BI-team. If I ask an SMB owner about cash flow, I’m directed to his accountant. Maybe you feel comfortable driving your car without a realtime dashboard but you shouldn’t and the same goes for managing your organization big or small.

Insights, the path to success

When driving you usually at least watch the speedometer on your dashboard, you don’t go to the garage to ask at what speed you have been driving. Why should managing an organization be any different?

While sometimes it’s okay to follow your instincts, the vast majority of your business-based decisions should be backed by metrics, facts, or figures related to your goals.
By leveraging the wealth of data available into insights, it’s possible to make more informed decisions that will lead to commercial growth, evolution, and an increased bottom line. Those insights should be available in now, not later. What’s holding us back?

Scattered data, high complexity

We have so much data but it’s scattered in silos, or using it is to complex, or our IT organization expects us to use BI-Tools when all we want is insights.

About 10 years ago I was asked to come and drink a cup of coffee at a multi-national sales organization. The sales people where send on a Microsoft training SQL Server Reporting Services so they could create the insights they needed themselves. Imagine the panic. I was asked if we could design a simple solution, we could and we did and it became the most used unofficial application in the company.

So how did we do it and how can you do it?

Land and expand

We followed a simple agile path. Think Big start Small. Always keep the big picture in mind but build for immediate use. We didn’t start off building a complete solution. We build simple blocks named in the language of the users that allowed them to correlate data from various sources into reports, without the need to know the source or how to get there. The salesforce decided which next block would add the most value. All reports were based on data in near real time.

You can do the same for/with your organization. By implementing the right reporting tools block by block, you will be able to make the kind of data driven decisions that will drive your organization forward. It isn’t hard and it should not be costly. Just do it!

This article is an introduction to a series of articles themed telemetry by design. I will post more on my site, follow me on linkedin or facebook if you like to read more.

“We had started to make fire trucks that look like spaceships, building systems that no customer could truly appreciate. We had to clean that up.”

Mads Nipper

For some reason I always look at Lego for inspiration when I need to give structure to what goes on in my mind. For me this quote summarises the perpetual tendency to deform simple, elegant solutions into useless monstrosities, spending millions along the way.

I started developing software on a ZX Spectrum and no matter the years of management and consulting, that mindset of a developer is how I look at the world. The list of frameworks I have endured over the years is endless and what they all have in common, is the hours spent by organizations and teams not delivering value. Even worse, the frameworks have become resource hogs, draining organizations of time and money in the attempt to improve. So what’s the problem?

Frameworks, the imposed approach

Regardless whether the framework is called SDM, Prince2 or one of the current frameworks such as SAFe or DAD, they are pitched to the organization and imposed on the teams. Leadership has had little training and consultants are brought in to achieve a lightning change into product and software development. And then there is the failure to achieve the goals of the change. Why?

The framework became the goal

In the rush to improve organizations to achieve their goals more efficiently, the frameworks tend to become the holy grail. Process and procedures are forced upon teams and control mechanisms are put in place to provide management with progress overviews. Failure to meet targets leads to changing the consultants, changing the framework or both and to no avail. Why?

Failure to address culture

Culture, the hardest component of an organization to change. It is not the framework or methodology that makes a team successful. It is the culture and mindset in the organization that leads to success. Change needs to come from culture and a mindset, not a framework. So where do frameworks fit?

The use(fulness) of frameworks

Changing culture and mindset takes time, it also needs tangible tools to help you on the way. Following the ShuHaRi concept, frameworks can be useful as a tool in the journey of change. The most valuable element in change, being lessons learned or retrospectives, can be found in any modern framework. Use frameworks wisely, use them to support the change you wish to achieve but beware, don’t let using the framework become the goal.

If you would like to know more or need help, feel free to reach out.

Read More

For those interested in flow, another oriental way of thinking might also be good to read up on.


Shu – In this beginning stage the student follows the teachings of one master precisely. He concentrates on how to do the task, without worrying too much about the underlying theory. If there are multiple variations on how to do the task, he concentrates on just the one way his master teaches him.

Ha – At this point the student begins to branch out. With the basic practices working he now starts to learn the underlying principles and theory behind the technique. He also starts learning from other masters and integrates that learning into his practice.

Ri – Now the student isn’t learning from other people, but from his own practice. He creates his own approaches and adapts what he’s learned to his own particular circumstances.

Applied to yourself it helps you recognise how Agile you are, applied to others, It helps you coach them in their maturity drive at the right level.

Working in the development industry and experiencing changes in the way of working first hand, led me to writing this article. Regardless of paradigms, the goal is to develop working solutions for internal/external customers in a timely cost efficient manner. This perspective is especially important for scrum masters to understand their role. 

In many teachings the focus of the role of a scrum master is primarily defined as guiding the team(s) through the rituals of the chosen framework in a rigid process focused manner. This narrow focus is more often than not becoming its own impediment.

Being adaptive and agile means being able to change decisions all through the pipeline by iterating back and forth between the people who have responsibility for delivery and those who are responsible for understanding the marketplace. If we want business agility we need innovations of every size to flow through the organisation’s delivery pipeline without being blocked by gates, bad interaction or poor project management techniques. The paradigms and frameworks are there to serve organisations achieving the mindset and having a blueprint to deliver value.

From this we can derive the real role of the scrum master. The scrum master is the facilitator, responsible for managing the flow. The scrum master should focus on culture and interaction as well as a few guidelines. The scrum master uses the framework and tools to power an intense level of social interaction and a decisions flow from good interaction at work. 

The scrum master is the flow master. The scrum master evaluates where he can be of service to make sure we have a predictable continuous flow in the delivery of working solutions. This adheres completely to the principles of original agile manifesto:

  • Individuals and Interactions over processes and tools
  • Working Software over comprehensive documentation
  • Customer Collaboration over contract negotiation
  • Responding to Change over following a plan

Organisations need to recognise this in order for any agile transformation to succeed.

If you would like to know more about flow or need help in exercises to improve flow, feel free to reach out.

After successfully completing the course at Digital Delta, I can conclude it is almost the same as the role of the scrum master. The only difference is the domain specific knowledge the architect shares (not dictates) with the teams but:

Emergent Design

Ideally, Agile Development Teams are supposed to have the mandate to decide how and what to improve on the architecture. As features develop by order of highest demand, so each team should grow the architecture needed to support them. This is paraphrased under the concept of ‘emergent design’, and it follows from Agile principle number 11.

Complexity brings risk

That is fine for the low complexity of a start-up. In a scaled environment however, with many teams developing products at the same time, whose products are getting more and more complex, with several layers of communication within and externally, extracting data from many different sources… emergent design is a recipe for instability at the structural level. It isn’t enough to just ‘KISS’, because

“For every complex problem there is an answer that is clear, simple and wrong” Henry Mencken

So how do we define architecture in a complex context? To simplify isn’t even always a possibility, the same way as downscaling isn’t always the right thing to do. Instead, we have to work with complexity and try to organize as much as possible. One possible answer for that is the Intentional Architecture as designed and executed by the architects at the System, Solution and Enterprise levels.

An intentional frame for emergent details

Whether you’re a System, a Solution or an Enterprise Architect in a Lean-Agile enterprise, you are in charge of providing a strategy and vision to improve the architecture incrementally, leaving enough room for a coordinated emergent design effort brought on by the development teams. You provide the powerful and coordinated base for Agile teams to keep focusing on delivering value to end customers. It’s up to you to build the right amount of architecture that will enable this value to be implemented and potentially delivered.

You have a responsibility to help teams coordinate, define and share information at the appropriate levels; to understand the underlying purpose and also to be influential enough to direct the fitting amount of funding to the technical aspects and evolutions, to ensure it will get done.

The key is in the balancing act

Balancing sensibly between intentional architecture and emergent design, supported by techniques such as Model-Based Systems Engineering and Set-Based design.

If you would like to know more or need help, feel free to reach out.

One of the principles behind the Agile Manifesto is using an efficient and effective method of conveying information to and within a development team (the best way being a face-to-face conversation). The following points reveal why email is ineffective for productivity as well as a big source of frustration.

Email overload

The average worker will receive 122 of those emails each day, of which less than half will contain relevant information. When people are bombarded with all of this superfluous information, they simply bulk delete or skim through, missing important information that is buried. The sheer number of messages we receive leads to the most important ones getting lost, deleted, or forgotten. In addition, people are easily frustrated when their workload becomes overwhelming. Just one email can prove highly distracting. Just consider all of the newsletters and blogs to which you’ve subscribed. Reading through a single one can consume an inordinate amount of time, distracting you from the task at hand. In fact, studies show that after reading an email it can take up to twenty-five minutes to refocus on the work you were originally doing.

Wasted Time

The McKinsey Global Institute found that the average employee spends 13 hours a week checking, reading and responding to emails— eating up 28% of the work week. With less than half of emails deserving attention and many going unread, this is a lot of wasted time. On top of this, simply getting back to work after answering an email takes an average of 64 seconds. This enormously decreases productivity.

Not Made for Collaboration

Email was not designed to be a collaboration tool. From managing projects to troubleshooting a problem, neverending email threads become inefficient, confusing, and bad for productivity. With many collaboration and project management products available, email should never be the place you turn in order to stay on top of tasks and projects.

No Accountability

With email, there is little accountability. There no way of knowing if people have read an important update and anything can be chalked up to, “Oh, I didn’t get that email.”

Emails don’t support engagement

Email lacks the easy user experience of social commenting and as soon as more people join a conversation it becomes confusing (Email hardly ever stays on topic).

Email does not facilitate continuous feedback

People need feedback. Consistently. Top-down (as well as peer-to-peer) communication is essential for keeping this loop running effectively. But giving regular feedback via email takes a lot of work.

In comparison, modern communication channels like document solutions with embedded commenting systems encourage interactive conversations between peers, while push messages allow to give better feedback in less time. Plus it can be targeted and sent “on the go.”

Ineffective Content Repository

We’ve established why email is ineffective for collaboration but it is also a poor repository for company knowledge. Searching your inbox is always a headache. You rack your brain for a keyword or who sent the email or worse what date it was received. There is simply no way to remember all of that detail when your inbox is clogged up with hundreds of emails.

Secondly Email content is scattered and has no guardian. When people leave or get assigned into another position parts of the truth get lost.


Based on the above Email is ineffective for Agile communication. For an agile drive to succeed, it’s crucial to take a strategic approach using a solution that effectively connects teams in real time so they can collaborate, get answers and share information in an efficient and effective manner. Even more, we must ensure communication is unlocked to all levels of the organisation.


Personally I favour the Atlassian suite to structure project communication but you can use any collaboration platform that meets your needs.

Agile and scrum are crystallisations of a mindset and a way of working. You can have that mindset and work a certain way before it is given a new shiny moniker.

Coming from Rotterdam University of Applied Sciences in the same year as Arie van Bennekum, co-author of the Agile Manifesto, his role in the Manifesto is no surprise to me. We were educated to focus on delivering solutions with the freedom to use whatever platform we found appropriate in order to provide working prototypes. The mantra was to write self-documenting coding to allow for as little documentation as possible. We learned to embrace change (in technical possibilities and in stakeholder wishes) as a natural state.
It is not that difficult to find the 4 Agile values there and to derive the Agile principles.

Very early on we learned to design small functional bits of software with a teacher that hammered the following quote in our heads:

“Any intelligent fool can make things bigger and more complex… It takes a touch of genius and a lot of courage to move in the opposite direction.”

We learned to put all the stuff that we wanted to design and develop in a Javelin sheet (a very old spreadsheet solution), discuss the amount of work it would be with the team and then prioritise and distribute the work. Every day we would align on progress and every week we would evaluate if what was in the pipeline was still valid. Looks rather a lot like Scrum/Kanban don’t you think?

My biggest disappointment came when I joined the SVB and was pushed back into SDM and other painful ways of the old. That’s when I decided to do a KeyNote at a Clipper developer congress about customer oriented software development and shortly thereafter I was hired by the founders of Centric, Cock Mudde and Albert Oegema to start working that way at the Volvo Truck Corporation.
From then on I have been able to take those practices and work with an Agile mindset in a Scrum manner.

And so to conclude, this is how you can be Agile and work in a Scrum way for 25+ years.