Question about: The PO, vague requirements and the Team members

Hana writes from Finland.  [Shortened, and lightly edited.]

Hi Joe,

…. I found this question without answer, so I have an interest to know it’s answer.


I responded:

Hi Hanna,
….[See my response in-line, below.] ….

Question - The product owner wants to build security firewalls into the product.
How can the team members support this? [Which is the best answer below.]
A- Add new security features to the backlog and prioritize

Well, I am ok if the Team members write stories under this epic.  But the PO is the final prioritizer.  Hence, I think this one is not the best choice.

B- Execute a spike to research security features for the project

Well, I do think the “problem” indicated in A is first.  That is, what kinds of BUSINESS features do we need when we say “security firewalls”.  I think of the Team members as technical.  I feel like I’d want to understand the business need more, before I helped with technical.  This answer says “security features”… some people who are Team members could do this (ie, from a “business” POV)…others could not.

Note: The question implies, to me, a substantial lack of detail on the (business) requirements.  This should have been addressed before the (big) story came into the Sprint.  In that regard, if we get the Team members involved in that, that might be a spike in the Sprint before the “real” Sprint where we build it.

C- Ask questions to determine where and how the product owner wants to use the product

Well… that’s rather broad.  It seems to be about general usage, not usage specific to security firewalls.  If the writer MEANS…so that we can understand the security firewall requirements in more detail, I’d say that could help. Probably.

D- Ask questions to determine if the product owner can define the desired level of security

Well…depends how you read this.  If the writer MEANS … ask questions to enable the PO and the Team members together to write smaller stories under that epic… YES!  And to define enough details under each story. Yes!

Especially if the Team members would be good at that kind of discussion.  (Some are.)  I do agree with the notion that “security firewall” features (the so-called business side of them even) is a fairly technical subject these days.  So, if the writer MEANS… pester the PO endlessly with technical info and related questions until the PO (alone) explains all the security firewall features… I am not very happy.  I am assuming that “the product” is NOT fundamentally a security product, but rather a “normal” product (some reg business app that connects to the internet, and so security becomes a fairly important issue).  Hence, I would expect a good PO in this domain to be mainly good at the regular product and not so good with its security firewall features (yes, I could imagine other scenarios).

If D said “Work with the PO to help the PO define the details of this big feature and especially the desired level of security”…. then of the 4, I would choose this one.  In fact, while I am not happy, I would probably choose D just as it is.

OK….what do YOU think the right answer is? Or, Hana, what did your test writer think the right answer was?

Editor’s Note: This question is in a format similar to that used for the CSM Test.  But, I am not aware that this question is on the CSM Test.  Pretty sure it is not.


« « Agile Transformation: 4 Suggestions and Discussion || Question: A technical challenge arises inside the Sprint » »


Leave a Reply