10 Years at patterns & practices

I never imagined I would invest 10 years on the patterns & practices team at Microsoft.  Life is short and I always imagined I would spend it across so many more adventures.  What surprised me is how much you can grow yourself, and grow the job in the process.  While I sometimes wonder about the path not taken, there’s no doubt I’ve built a deep set of capabilities, achievements, and experiences as a direct result of investing my time in patterns & practices.  I’ve shared some of my best lessons learned at patterns & practices, as well as my proven practices for individual contributors.

I think my biggest take away lesson is follow your heart, follow the growth, and invest in yourself (mind, heart, body, emotions, career, financial, relationships, and fun.)

Why patterns & practices?
There are lots of reasons why I chose patterns & practices.  At the end of the day, it was the people, the values, and the mission.

Our Mission
While we’ve had various flavors of the mission, I like to think of it as …. “Customer success on the Microsoft platform” … or … “Proven practices for the platform.”  I had the toughest time explaining to my Aunt what I do, until finally I said, “I help customers put the legos together.”  She then said, “ahhh, I get it.”

Goals
In patterns & practices, the goals are simple:

• Simplify the customer experience of building quality solutions on the Microsoft platform.
• Improve the customer value of Microsoft products and technologies through customer connection and solution engineering.
• Grow the professional knowledge and capability of the Microsoft development community.
• Help customers and partners build their LOB (line-of-business) applications and services faster and more predictably than any platform in the world.

Values
In patterns & practices, we value:

• Continuous learning, innovation and improvement - We have a bias toward action (over more planning) and customer engagement and feedback (over more analysis.)
• Open, collaborative, relationships with customers, Microsoft field, partners, and Microsoft teams.
• Execution - we take strategic bets, but we hold ourselves accountable for creating value, shipping early and often, and delivering results that have impact with customers and in Microsoft.
• Explicit, transparent, and direct communication with customers and with our team and others in our company.
• Quality over scope - no guidance is better than bad guidance.

Principles
We use the following principles to guide our work:

• Start with the end in mind; think about end to end scenarios and how the products we produce fit in the solution architecture and into the patterns & practices catalog.
• Help the customer succeed with their intent - the results they want to achieve, not just what they are trying to do.
• Find the minimal solution required for a good result and ship it.
• Our tools platforms are assets that expand the types of guidance we can express - use all of what they provide where it naturally fits the scenario.
• Constructive tension between customer needs and Microsoft product and business strategy is expected - when we do our job well, this tension is healthy.

Capabilities, Achievements, and Experience
How do you measure the impact of the time you spend down a given career path?  I’ve been looking for an effective lens, and I think it boils down to capabilities, achievements, and experience.   It’s the simplest way that I can organize and reflect on where I am, based on where I’ve been.   Capabilities are simply my skills.  They are the things I’ve learned how to do, from soft skills to technical abilities.  Achievements are my results.  This includes my impact on Microsoft, the software industry, and customers.  I lump my books, patents I filed, and the methodologies I’ve baked into the platform and tools here.  In terms of experience, I think of the job roles and activities I’ve had along the way.

Key Themes
I think  I can boil my impact and results down into 3 key themes:

• Project management.  I drive projects from pitch to ship.  I’ve built dream teams that go on amazing adventures to change the world.  I’ve consistently shipped projects on time and on budget year over year.  I’ve mentored many project managers and PMs at Microsoft to share the best of the best of what I’ve learned about shipping, execution, impact and results in patterns & practices.  I’ve had unique experiences here, especially since we adopted Agile practices early on, and I’ve lead distributed teams around the world since 2001.  I’ve learned a lot in terms of managing innovation, delivering incremental value, fixing time, while flexing scope, and experience-driven development (my latest thinking on software development.)  I think my biggest achievement here was helping shape the patterns & practices catalog, the programs, and the execution.  See Writing Books on Time and On Budget.
• Software engineering.   I’ve invested the bulk of my time in application life cycle management, process improvement, quality attributes (security, performance, … etc), and application architecture.  Most of my talks and writings have been focused on security, performance, and software architecture, but I’ve done a lot more behind the scenes.  One of the big things I’ve focused on at Microsoft, is “solution engineering”, which is really about problem solving, while satisficing the user, business, and technology perspectives.  I think my biggest achievements here were baking security and performance into the life cycle, and into Visual Studio Team Foundation Server.
• Effectiveness.  I’m a fan of continuous improvement.  I’m not a productivity junkie though.  I’m all about impact and results.  I’ve learned from the best of the best around Microsoft.  I’ve hunted and gathered patterns and practices for effectiveness over the span of several years.  More importantly, I’ve bounced the ideas and techniques against reality to see what sticks.  In the last few years, I’ve regularly carried 8 mentees.  I’ve given talks to our X-Box team on productivity and results systems.  Effectiveness is an art and science, and I’m trying to bridge the gap between state of the art and state of the practice.  See 7 Habits of Highly Effective PMs and Effectiveness Post Roundup.

Years at a Glance
I think browsing by years is a healthy reality check against impact over time.  Looking back is the simplest way for me to respond to the question, “if I had it to do over again, what would I do differently?”  Where there answer is “nothing” – those are the sweet spots.  Where the answer is “everything” – those are the lessons :)

Year	Results
2009	Books Application Architecture Guide 2.0 Projects Azure Security Guidance Project Core Systems Information Model Cloud Architecture Scenarios Customer-Connected Engineering Productivity coach for the Xbox team.
2008	Books Improving Web Services Security Projects Line-of-Business (LOB) Frame Catalog Sweep Visual Studio Add-In for Guidance Explorer
2007	Books Performance Testing Guidance for Web Applications Team Development with Visual Studio Team Foundation Server
2006	8 patents filed (Security, performance, and info models for software life cycles and application life cycle management.) Projects ASP.NET Security RI (Reference Implementation) Competitive Assessment for Security Engineering Defending Your Code Guidance Explorer PDL (Performance Development Life Cycle) Practices Checker Scenario Evaluation Framework Security Case Studies Security Code Examples Security Toolbar
2005	Books Security Engineering Explained Projects Security Engineering in VSTS Threat Modeling Web Applications Whidbey Security Guidance
2004	Books Improving .NET Application Performance and Scalability
2003	Books Improving Web Application Security
2002	Books Building Secure ASP.NET Applications

Books
My books at a glance:

• Application Architecture Guide 2.0 (2009)  (The Microsoft Playbook for the Application Platform)
• Building Secure ASP.NET Applications (2002)
• Improving .NET Application Performance and Scalability (2004)
• Improving Web Application Security: Threats and Countermeasures (2003)
• Improving Web Services Security Guide (2008)
• Performance Testing Guidance for Web Applications (2007)
• Security Engineering Explained (2005)
• Team Development with Visual Studio Team Foundation Server (2007)

Pocket Guides
My pocket guides at a glance:

• Agile Architecture Method Pocket Guide
• Mobile Architecture Pocket Guide
• Performance Pocket Guide
• RIA Architecture Pocket Guide
• Rich Client Architecture Pocket Guide
• Security Pocket Guide
• Service Architecture Pocket Guide
• Web Architecture Pocket Guide

Projects
My projects at a glance:

• Application Architecture Guide 2.0 – A guide, knowledge base, information model and methodologies for the Microsoft platform.
• ASP.NET Security Reference Implementation - Sample application for ASP.NET 2.0.
• Building Secure ASP.NET Applications – A guide for designing authentication and authorization and end-to-end applications scenarios.
• Catalog Sweep – Information model for organizing the complete patterns & practices catalog of code and content assets.
• Customer Connected Engineering – Methodology for engaging customers throughout the life cycle (“patterns & practices secret sauce.”)
• Defending Your Code – An online knowledge base for software security.
• Guidance Explorer – An online knowledge base for prescriptive guidance ("ITunes for knowledge.")
• Improving .NET Application Performance and Scalability – A guide and methodology for baking performance into the life cycle.
• Improving Web Application Security – A guide for threats, attacks, vulnerabilities and countermeasures for LOB applications.
• Improving Web Services Security – A guide for threats, attacks, vulnerabilities and countermeasures for Web services.
• Performance Testing Guidance for Web Applications – A guide and testing methodology for testing Web application performance.
• PDL (Performance Development Life Cycle) – Methodology, activities and artifacts for baking performance into the life cycle.
• Practices Checker – An application that checks software against patterns & practices recommendations.
• Scenario Evaluation Framework – Assessment technique for design, implementation and deployment “building codes.”
• Security Case Studies – A model and examples for sharing business impact from patterns & practices security guidance.
• Security Code Examples – 60 security code examples in VB.NET / C#.
• Security Engineering Explained – A guide and methodology for baking security into the life cycle.
• Security Engineering in VSTS – Baked security engineering into VSTS / MSF.
• Security Information Model – A unified model for Microsoft’s security guidance.
• Security Toolbar – A toolbar for browsing patterns & practices guidance from Visual Studio.
• Threat Modeling Web Applications – A technique to identify relevant threats and vulnerabilities for your scenario to help you shape your application's security design.
• Visual Studio Add-In for Guidance Explorer – Find, create, and share prescriptive guidance inside Visual Studio.
• Whidbey Security Guidance – A collection of guidelines, checklists, and step-by-step how tos for improving software security based on the .NET Framework 2.0.

Where do we go from here?  You write your future a page at a time.  If there’s one thing I’ve learned, it’s continue to reinvent yourself, reinvent your job, and make the most of what you’ve got.

My Related Posts

• People I’ve Worked with On Past Projects
• My Projects on MSDN