HM3 are very pleased to announce that we have achieved our Cyber Essentials Plus certification for the second year in a row!

‍

With the ever-increasing threat of cyber attacks, the fact that we've been independently assessed by an expert who has confirmed that we have robust controls in place, is really reassuring. We're doing all that we can to protect against common threats and that's a great benefit to both our customers and ourselves.

HM3 are proud to sponsor and support a variety of sports teams and organisation. One of which is Stafford Rangers U12s Tigers who competed in the Shield Final last weekend and after a nerve-racking penalty shootout, went on to win it!

Their manager Jason had this to say about their journey to the final;

“Firstly thank you for your sponsorship and continued support at HM3 consultancy. We appreciate everything you do for us as a team.

I wanted to share with you our success that took place on Sunday as Stafford Rangers Tigers U12s took home our first trophy after just a short period of two years as a team, with none of our players having any previous playing experience.

Supporting grass roots football is so important with the lack of investment at this level and without companies like yourselves this achievement wouldn’t be possible. Just to outline some of our achievements so far this season; We have scored 105 goals in 13 games, whilst only conceding 32 along the way. The top goalscorer at U12s (Jack) sits at the top of the leaderboard for the whole of the U12s age group, whilst also having 3 goalscorers inside the top 10 for the league. 

Having won the Shield Final, we are still in contention to win the league. 

Thank you without you it wouldn’t be possible!”

A big congratulations to Rangers on their incredible achievement, and we look forward to hearing from them when they win the league!

‍

HM3 are very proud and excited to announce that we are officially ISO27001 certified!

‍

ISO27001 is the globally recognised standard for information security systems, and defines the requirements which these systems must reach. Conformity with ISO27001 means that here at HM3, we have put in place a system to manage risks related to the security of data owned and handled by us.

‍

With cyber-crime on the rise and new threats constantly emerging, it can be difficult to manage risks related to these issues. ISO27001 helps HM3 to become risk-aware and means we are proactively identifying and addressing weaknesses.

HM3 are incredibly proud to have been awarded a certificate of appreciation for our continued support of The Royal Regiment of Fusiliers.

‍

We will continue to support and empower charities and causes close to us, and are looking forward to working with all of them in the future.

‍

Congratulations to Kerry Wallace and Harry Mellor for passing their relevant exams and becoming DATA PROTECTION OFFICER certified!

‍

We're incredibly excited to be able to expand the skillset of our team.

Director Darren Henderson visited the Walking With The Wounded North East Hub recently and pledged to work with and support Walking With The Wounded and "Those Who Served " . We are looking forward to working with Walking With The Wounded to see how we can work with together to continue #supportingthosewhoserved. We're excited about the prospect of expanding our relationship and working alongside each other to see positive outcomes and benefits for those who need it.

Background

‍

The world of end user compute (EUC) can be complex and often challenging for IT and Operations teams whose mission it is to continuously evolve and support complex, user-facing capabilities. Environments often comprise many dependencies and can be bound by the constraints of legacy technologies or historic architectural decisions. Frequently, this leads to an environment where teams are forced to deploy and manage workloads using complicated and lengthy manual processes. This can lead to lower end quality, a slow update deployment cadence, a high development and operating cost, all of which are underpinned by poor communications and collaboration between the IT development and Operations teams. These are problems that the software development domain often encountered, but are now in many respects, part of a bygone era. So, what can we learn and apply to the development and operation of EUC from the ways of working that the software development domain has adapted and matured in their quest to solve these issues?

‍

At HM3 we were recently asked this very question by one of our major clients. Our client operates a vast and complex EUC estate with many users working in different geographical locations, across a variety of platforms, and they are faced with the exact challenges that we have described. They are on a multi-year transformation journey to move applications and services away from on-premise hosting to a top-tier Cloud where it makes sense. Operating models will be transformed in order to maximise the opportunities presented by a new environment with strategic objectives to reduce waste, increase operational velocity and efficiency. We were set the challenge to identify and investigate ways to adopt a DevOps approach in the target state for development and operation of the EUC services. The simple goal being to introduce a new way of working to help realise their objectives at pace. In this blog we journal the investigation work that we undertook for our client outlining the approach and conclude with what was learned and played back to the client.

‍

What is DevOps to EUC?

‍

Firstly, we need to be clear about what DevOps means to us, since it is so often an over-loaded and misunderstood term. DevOps is explained well by AWS in their article What is DevOps? However, at a basic level, it is a union of cultural philosophies, practices and tooling that brings the typically siloed disciplines of development and IT operations teams more tightly together to work in unison towards the same goals. It focusses on giving teams autonomy, automating by default, and promoting cross-team communications and collaborations. This approach seeks to increase team velocity for feature release to customers, increase team efficiency, provide higher reliability and quality of products, increase security, which should all hopefully lead to a much happier end user.

‍

What we did

‍

Unsurprisingly, promoting DevOps practices for EUC, which are so well-known for the benefits they have brought to the software development domain, was met with some skepticism by some long-standing members of the EUC team. After all, what has software development got to do with development and operation of EUC services right? Well, we believe that, although there are clear differences in many areas between the two disciplines, there are some very relevant areas where the same challenges apply, and DevOps can help if approached in the right way. For that reason, our time-boxed client investigation focused on evaluating the DevOps practices where we felt that they offer the maximum bang-for-buck to our EUC challenges. These were:

‍

· Automation for provisioning core EUC infrastructure and deployment of workloads.

· Continuous Integration and Continuous Delivery (CI/CD) for automating the building, testing and deployment of EUC infrastructure and services.

· Collaboration and Communication through assembling a cross-functional team of architects, infrastructure engineers, operations specialists and security experts together under a shared responsibility model.

‍

Our approach was to test our hypothesis by building a minimal viable product (MVP) in a rapid, fail-fast fashion so that the team could learn by doing and we could evaluate against real business problems. We agreed our MVP goal was to take an EUC workload through to live deployment in an automated way. Simply, this meant specifying and building our EUC environments (development, reference, production) and core infrastructure using infrastructure as code (IaC) and using GitLab CI/CD pipelines to configure, build, test and deploy both the infrastructure and the workload. This was done time-boxed to a period of a few weeks to allow us to get just enough in place to evaluate what we have learned and where we would go next.

‍

We started small using a representative but straightforward and low complexity workload, a Commercial Off The Shelf (COTS) application used by the client’s IT teams. We analysed the workload’s lifecycle as it is today and mapped its value stream in entirety. Value stream mapping is a critical early job, as it flushes out every single step and action that is required to take a workload (service, product, capability etc) from the initial customer request right through to the realisation of value by the customer. In simple terms, this means mapping every bit of work that is required to take something from undeployed to deployed and in-service with users in the production environment.

‍

The value-stream mapping exposed a shocking reality for our client IT leadership team. For our simple workload there were many preparation, development and deployment steps, the majority of which were manual, repetitive and error-prone, with some having dependencies on overburdened IT operations teams external to our development team. It required infrastructure to be built to host the application, with many steps taking a significant amount of time to complete by following manual build and installation guides. The documentation set was large, and commonly there were gaps. The team needed to wait for the external IT operations teams to complete tasks on which they were dependent resulting in a huge amount of wasted time ‘blocked-waiting’.

‍

Infrastructure engineers were required to go back and repeat a series of steps due to errors being made in the manual steps and the errors not being spotted until all the steps had been completed - again a huge amount of wasted time and effort. The quality and security engineering SMEs were also under-utilised for most of these foundational steps and their skills only came into play at the end of the process and after the architects and infrastructure engineers had done most of the work to setup the environment and deploy the workload to it. When these specialists identified an issue, it was late in the process, and all the deployment steps would need to be revisited again in order to rectify the issue - more wasted time and effort. The IT leadership team were able to visually identify why everything took so long and why end products were often not of the highest quality on ‘go-live’. We now had a good understanding of the problem, and this enabled us to quickly identify the steps which should be automated both in terms of core infrastructure provisioning, application packaging and deployment and for quality assurance and compliance testing.

‍

The team swarmed to design patterns for the core infrastructure. Within a short period of time in comparison to the manual processes, we had the core infrastructure specified in IaC and under version control in the DevOps platform. The team worked together and sometimes in pairs to codify the

‍

infrastructure; the power of the GitLab DevOps platform allowed this parallel collaboration to happen without complexity. As they forged ahead, a Continuous Delivery (CD) pipeline was designed and built in the DevOps platform. They realised that Continuous Integration (CI) steps weren’t required as the teams’ workloads were normally all COTS applications as opposed to being software code components that required integration before deployment, but that was just fine.

‍

The cross-functional team now comprised the quality, operational and security specialists who worked in pairs with the infrastructure engineers. Early opportunities were exploited to codify security checks against industry and internal standards. Out of the box tools were enabled in the DevOps platform to perform security scans and inspections against industry standards within the pipeline. Functional and acceptance tests were written alongside the code to test the stack as it was incrementally built in the pipeline. This resulted in instant value return as we now had quality and security being designed in from the start rather than as an afterthought. Moreover, we had dramatically shortened the feedback loop from weeks to seconds, and this had happened through simple team organisation changes without much thinking! The team found security vulnerabilities in the core infrastructure stack as the IaC was being written and at preparation and deployment time, and the security specialist set about writing auto-remediation policies to plug them before we were anywhere near production. The team instantly swarmed to fix these issues before moving onto the next step – security and quality shifted as far left as we could get it.

‍

What was being born here was the DevOps shared responsibility culture of enhanced collaboration without anyone in the team really realising it. Issues being exposed early in the process and being made highly visible alongside having the normally ‘external’ quality and security stakeholders being part of the team, simply focused minds. The team were concerned with doing the job right as a whole rather than just shipping something that would be someone else’s problem down the line when it was thrown over the wall and found to be unreliable and not compliant. We now had a complex, core infrastructure written as IaC, under version control, with built in automated functional and security compliance checks. This was being deployed not through lengthy, highly documented, manual processes, but automatically by the Continuous Delivery pipeline as and when we change the IaC and committed it back to the repository. So why did our client care about this? Simple, we had eliminated most of the need to ever have our valuable and highly constrained engineering resources go through these time-consuming manual steps ever again. We had built a repository of highly valuable core infrastructure components that could be reused over and over again that come with a guaranteed level of quality. Just this alone would increase the quality when deploying new workloads, but it would also allow us to do it at a much higher velocity freeing those valuable resources up to concentrate on the bespoke deployment elements for the different workloads.

‍

We had also created the CD pipeline patterns that could be copied, pasted and enhanced for different workload types. This would enable a new workload to be stood up and deployed out, along with its core infra to many environments at a much higher pace. Finally, we had demonstrated a win with an instant culture change. Our operations, security and quality specialists were now a team alongside the architects and infrastructure engineers, and they were working in harmony to solve problems together rather than creating friction. Mostly importantly, the client’s leadership team could feel the excitement, enthusiasm and buzz that the whole team had generated being part of this MVP, and it was clear that this was a much better way of working from a collaboration point of view.

‍

In this short MVP cycle, we proved the hypothesis that basic DevOps principles can be applied to the development and deployment of EUC infrastructure and workloads with great advantage. DevOps in EUC can reduce cycle time, shorten feedback loops, enhance quality and remove repetitive, manual steps through more automation. However, we think the biggest win was the coming together of IT development and Operations specialists, through seemingly transparent and simple adjustments to the teams’ structure and culture. The buzz and new energy where everyone worked together to get the job done was infectious. This short MVP opened our clients’ eyes, and they are now undertaking a more widespread DevSecOps transformation to put these learnings into real life.

‍

We hit our £1,000 goal on Just Giving for Cancer Research UK!

‍

Everyone at HM3 would like to thank you all for the donations this month in aid of Cancer Research. On Monday we reached our goal, and we're incredibly appreciative of everyone who helped us get there. We have plenty more events in the works so keep can eye out for those here on LinkedIn

‍

Donations are still open for the time being, so if anyone would still like to donate, you can do so here: https://lnkd.in/ehdJknHN

‍

In June one of our directors, Andy Mellor, will be doing the Cateran Yomp walking challenge in Scotland to raise money for Cancer Research UK which is HM3's charity of choice for 2023. The walk consists of 54 miles of walking through the Cairngorm Mountains over the course of 24 hours.

‍

In support of this, HM3 and its associates will be doing a walking challenge throughout the month of June. The target for the month will be to walk 150,000 steps individually, which is comparable to the number done during the Cateran Yomp.

‍

If you would like to support us in our challenge and donate to our fundraiser for Cancer Research UK, we will be following this post shortly with a JustGiving link. Alternatively, if you would like to take part with us please let us know.

‍

We appreciate any and all support given during this challenge, as the cause is one that is important to all of us here at HM3.

‍

We will be hosting more events throughout the year so keep a look out for those to see what we're up to. You can check the News section of our website for all the details on future events here

HM3 are excited to announce the expansion of its Finance Office capability to support the continued growth and development of the company!

Yvonne Sims has taken the position of HM3 Finance Support Officer, focused on supporting our Finance Manager, Eleanor Miller, in improving the efficiency of our back office operation and managing our new business pipeline into delivery. HM3’s Operations Director, Andy Mellor “We're absolutely delighted that Yvonne has joined the HM3 team to support our planned business growth in the next financial year and beyond”

Welcome Yvonne!

We’re good at research, and budget setting, and requirements management. We know what we want, and how to go about getting it. If it’s not good for us, we walk away.

‍

So, why are we often so bad at doing this in the workplace? Is it because we want something more quickly, or cheaper, or both? Is it because of top-down management pressure to ‘just do it’, or unrealistic planning to satisfy someone’s unrealistic demands? In reality, it’s a combination of all the above, and it’s only when we are prepared to stand up and insist that the appropriate levels of effort and investment are applied to each task that we see the results we, and our stakeholders, expect.

‍

This is why the activity to establish good requirements is so crucial to a project’s success.

‍

Here at HM3 we pride ourselves on our ability to set accurate and realistic requirements for each and every project we carry out. Requirements should always be the first step in a project’s lifecycle, and will allow every individual involved to be made aware of what the expectations are from the outset.

‍

Requirements should cascade into a schedule, they should inform and guide design and build decisions, and they should directly correlate with test plans so that there is a very clear, documented record of assurance and approval. Without them, one or all the phases of your project lifecycle could become open ended and impossible to measure.

‍

When this happens, it becomes extremely difficult to move from one part of a project to another and if milestone payments are involved it’s likely very difficult to achieve them. Setting requirements before anything else is one of the foundational elements for achieving the successful delivery of agreed outcomes, and without them the inevitable result is that time and cost increase and output quality will be significantly lower.

‍

After all, if you don't know the requirement how do you know when you've finished?!

HM3 are excited to announce the expansion of its Business Office capability to support the continued growth and development of the company!

‍

Harry Mellor has taken the position of HM3 Contracts Manager, focused on supporting the renewals cycle for FY23/24, and improving the efficiency of our new business pipeline into delivery. HM3’s Business Development Director, Darren Henderson “We’re really pleased to welcome Harry onboard, this a critical expansion for HM3 as we ensure our existing and new clients receive the highest standards of engagement through these critical periods”

HM3 are delighted to announce that after a week long assessment we have received the CYBER ESSENTIALS PLUS certification! This is an extremely exciting step for the future of HM3, one which we are incredibly proud of. Here is what operations director Andy Mellor had to say about the announcement, "I'm delighted that HM3 is now Cyber Essentials Plus accredited. With the ever-increasing threat of cyber attacks, the fact that we've been independently assessed by an expert who has confirmed that we have robust controls in place, is really reassuring. we're doing all that we can to protect against common threats and that's a great benefit to both our customers and ourselves".

We are especially pleased to announce that as of the 9th November 2022, HM3 Consulting Ltd be working with CCS G-Cloud 13, aka the Government Cloud framework agreement between the government and suppliers of cloud services.

As a Digitial Transformation organisation who prides itself on delivering high quality services and solutions, access to the framework provides us with huge opportunity to extend our client base and further our reputation across the Public Sector.

Darren Henderson, Director and Andrew Mellor, General Manager of HM3 said, "We are very excited to discover the vast opportunties the CCS G-Cloud 13 framework will offer and look forward to posting news about future projects and work within our field of expertise".

‍

We're delighted to announce that HM3 Consulting Ltd have been successfully approved and awarded the Crown Commercial Service, Digitial Outcomes and Specialists 6 Framework contract (DOS6).

‍

Digital Outcomes and Specialists is a go-to digital marketplace procurement framework which assists the public sector in purchasing, designing and developing digital transformation outcomes, by accessing and sourcing expert specialists using an agile approach within the supplier community.

‍

HM3 offer the highest quality in Digital Transformation Services, providing Clients with the confidence they will receive the best in class solutions in support of their business requirements.

‍

Darren Henderson, Director at HM3 said, “We are very proud to have been appointed to the framework to engage with and support Public Sector initiatives through HM3's Digitial Transformation Service offerings, we look forward to posting news and updates on our journey over the coming months"

‍

‍

‍

‍

‍

Cyber Essentials is a government-backed scheme which helps to protect organisations against a whole range of cyber-attacks. At HM3, we take cyber security very seriously and as a result, have taken the necessary steps to protect our organisation and provide peace of mind that our defences are firmly in place.  Well done to the HM3 team involved in achieving this important accreditation.

‍

We are excited to announce the launch of the new HM3 website.  Our online presence has improved features and a new look and feel.  In addition to the refreshed style, the website is now more user-friendly and easier to navigate.  Keep an eye on our latest news and subscribe to updates!  A big shout out to Phunk Creative for your help and support in this.

‍

It is with great pleasure we can announce that HM3 now sponsor Ashton Master’s football team.  A male, veteran football team based in Cheshire.  At HM3 we are dedicated to the physical and mental well-being of our employees, associates, teams and wider community.  We fully support lifestyle choices which enable good health, such as exercise and healthy eating and we believe that through sport, physical and mental health thrives.   We wish the team the best of luck for the coming season.  Looking smart in the new kit lads!

‍

A huge welcome to Ray and Grant who have joined the team this month, bringing a wealth of knowledge, experience and expertise to our Service Architecture team.  We look forward to working with you in the future.

‍

We hit our £1,000 goal on Just Giving for Cancer Research UK!

‍

Everyone at HM3 would like to thank you all for the donations this month in aid of Cancer Research. On Monday we reached our goal, and we're incredibly appreciative of everyone who helped us get there. We have plenty more events in the works so keep can eye out for those here on LinkedIn

‍

Donations are still open for the time being, so if anyone would still like to donate, you can do so here: https://lnkd.in/ehdJknHN