A day in Life of Software Architect – part 2

Read part 1:
https://sandyclassic.wordpress.com/2014/02/02/a-day-in-life-of-software-architect-part-1/
Work scheduled of a day depends on which phase projects are in currently. As typically architect work across multiple projects and help Project Manager PM aligning with organisation strategy and standards, reduce risk, liaising with stakeholder to full fill expectations develop blueprint for project.
different classes of architect have different skills and expectations:
Read More details: https://sandyclassic.wordpress.com/2011/09/25/enterprise-architecture-togafitilzachmanetomngoss/
Suppose a project is using a agile methodology: Then Architect day starts with.
Business Analyst gather requirement from clients, Architect work with them in putting technical prospective to each business Case.
In case of software services company Architect Even help sales team in estimations during bidding process like total man hours required for the projects under bidding.
Architect Also work with domain specialist along with business Analyst to find implications of changes in business environment, regulations, etc and its affect on software implemented or under implementations.
Architect Help Higher management in giving directions to roadmap of implementions or future implications on use of lets suppoe third party Charts in our BI product (license fees has to given for each chart (Make or Buy decision).Other options is make yourself it may take time (speed vs flexibility : Time to Market is crucial). Making takes time but gives flexibility, IP intellectual property, and may reduce cost in long term But Buying already developed third party may not give flexibility but can give speed and reduce cost in short term.
Adjusting solution to landscape of Client a Telecom case study.
Read This case Study for more details of similar process in telecom Stack development:
https://sandyclassic.wordpress.com/2013/10/26/telecom-technology-stack/

What happens At Enterprise Architect level ? see this presentation:
https://sandyclassic.wordpress.com/2013/02/28/498/

So A day typically depends on stage of projects like (initiation, development, implementation or maintenance), Domain of projects (insurance, finance, healthcare) and Technology used (J2EE, ERP (peoplesoft, oracle apps, SAP), .net, COBOL etc. data warehousing and BI).
Example Peoplesoft ERP Architect
e.g. Peoplesoft architect is using already dilivered set of programs, reports, table, forms, processes etc Has to take decisions Based on GAP Analysis. Plan ERP customisation either using peoplecode for UI and Forms or (SQR,nvision, Crystal reports) for report customisation, Or Administrative tools for customizing background processes.
Then plan for implementation of say suppose customising supply chain module to use some KABAN process or customising General ledger to introduce new regulation of mandatory approvals and Archiving records Or customising payroll according to country specific labour laws and company specific compensation policies.
Once functional Experts points what changes are needed Peoplesoft Architect has to draw a map immediately what Changes would be required in technology.
Then work along with team on implementations, stabilization of ERP and further supporting the ERP along with team figure out technical challenges and POC alternative solutions by using different levels of tools/technology in ERP or by integrating third party products.
To be continued…..

Project management for information security management project

Information security has become most critical aspect of any firm today. From protecting intellectual property for any company where  patents company hold is substantial part for their business. Actually company shell out huge money for Acquisition and merger just to get patents like google acquired motorola mobility for getting patents related to hand held device, Microsoft acquired skype fot entering into telecom protocol and SIP phone based markets.. So now it more important for them t protect using security measures. Same way sites like Amazon which is book seller, best buy for retail same way there are companies which are emerging on web which are taking away the traditional way of doing business essentially everything is coming onto web. So we have Wen 2.0 then Web 3.0 to cloud computing where platform as service PAAS , infrastructure as service IAAS, Software as Service everything is exposed on web. its becoming more critical for them to manage security.

Biggest problem in Security is how to define security which i covered some part in my last article but there bigger concern how to manage security projects. Because traditional way of SDLC or software processes does not apply to security due to huge dimensions it can touch like a threat may come from software defined by OWASP , or Web interface still OWASP, or may come from OS (virus, malware, torjan etc…) or may be at assembly level, or may come from hardware recently DSS algorithm failing for ATM cards (PCI DSS standards) or it may come from operational lapses not captured in audit or it may come from transmissions of signals making data exposed to and machine catching signal or sensor network, or network layer Router switches or it may be in mathematics of encryption and decryption which is brooken. Domain is so vast that pointing 1 fault is sometimes mistake. Problem is: defining requirement has bigger problem but more bigger problems are which managing such projects. So what it takes to manage such project? traditional view of PDCA Plan – do – check  – Act does not take emergency situations and penetration testing when its done on software to website or and protocol or technology..PDCA is valid when u are creating a project of pen testing but for maintaining security is continuous task testing methodology like OSSTM provides help only in Application security project not for network security or  OS security or any there part security.. so security is continuous project..it requires exhaustive preparation.