It’s not overly dramatic to say 2020 was a time of universal, unprecedented change. Companies like BAE Systems needed to keep going with existing IT states as well as building new capability. There’s been a massive shift to making better use of cloud capability and machine learning as well as technology modernisation and the high expectations that go with that.

Tell me more about transformation in the age of COVID

There has been an unprecedented cultural change, even before COVID, around ways of working, so a big shift from waterfall to agile and not just in the software development teams. As well as being pulled in multiple directions, everything also needs to be done faster and in a more agile way - including being more cost effective.

Time to ditch the legacy systems?

There’s a lot of organisational change and then there’s the technical stuff - both the old and the new. Extant IT or the legacy IT. I’m actually reluctant to call it legacy because I think a lot of people think ‘Oh, legacy equals bad; must rush to get off it,’ which isn’t necessarily the case.

If it does the job, provides good value and you can integrate with other things, then maybe you don’t need to rush to re-platform.

If it’s fit for purpose, providing it’s not costing too much money to maintain, for me that’s a tipping point when it starts becoming too costly to maintain and it becomes cheaper to build new.

Lots of organisations work on systems that were built in the 70s that are still perfectly adequate. There is also a case for very old legacy systems being less of a security risk because they’re less well-known, so there’s less off-the-shelf stuff that could attack them - security through obscurity.

What about the new surge forward into cloud?

Deep down, many people struggle with change. It’s reassuring if you can go to the basement in your building and see the servers and go, ‘Our stuff’s on there, it’s safe, I can see where it’s housed.’ That’s a very different mindset to cloud, where you don’t really know where it is, it’s just somewhere. It could be in multiple places; it could be in another country and that’s quite a troubling thought really, because its human nature to want to keep things that we want to protect close.

A lot of cloud capability is based overseas, so there are concerns around legislation in other countries that may make it hard to protect UK-based information because they’re not operating within the same legal frameworks necessarily. That doesn’t make it any better or worse, it’s just that because they’re different, they’re an unknown entity and therefore something to give more consideration.

Is government data always on the basement servers?

Government departments definitely have a drive to move to cloud. For several reasons, it’s probably been slower in some cases than in a commercial organisation. You can’t just decide ‘That’s a cool cloud service, I’ll go and buy it.’ It’s got to go through a whole host of rigorous processes and meet our security needs. It’s not a radically new concept, because we’re used to working with shared data centres and remote set data centres - cloud is just that in the extreme.

So how is agile fitting into this strategy?

Being able to deliver a variety of stuff faster has been the holy grail, forever. I’ve worked in the tech industry for 25 years and systems engineering methods have changed a lot during that time - but equally, agile isn’t as fresh as it might first appear.

Back in the ‘90s, there were lots of trends with more than a nod to agile - DSDM, Rational Unified Process, Rapid Application Development, Joint Application Development and extreme programming - agile builds on a lot of those principles. Though, if you take any type of process or methodology - agile included - and blindly follow it to the letter, you shouldn’t be surprised if you get to the end and you haven’t been successful.

The whole point of agile is being able to introduce change quickly. If you’re an organisation like Facebook, you release a change and your user community doesn’t like it, you can probably change it back. If you take the same approach to air traffic control, you’ve got different considerations.

You can’t think ‘Oh, whoopsie! We’ve introduced some unexpected behaviour with that release...’ as it could have tragic consequences. Yes, you need methodologies, but equally you can’t stop applying common sense - you need to choose the bits which are going to work for you.

How does agile work in safety critical systems?

We’re getting a lot better at testing things in parallel. The traditional way would be to take your new functionality and put it in one type of environment and do one type of testing - then take it to the next. This is how the vaccine for COVID has been developed; rather than each stage of a trial only starting after the previous one was successfully completed, all stages have been done in parallel. No less rigour - just less elapsed time.

For you

Be part of something bigger, join the Chartered Institute for IT.

One thing you can do to speed it up is to release it into all those environments at once so you’re running the different types of testing in parallel. Providing that testing is largely automated, it doesn’t really introduce any delay if you’ve got to fix something and restart a testing cycle.

In safety critical systems, it can take three months to do your testing properly. So the two week turnaround of agile isn’t appropriate - but you can take the principles of agile and adapt them to suit your project.

What about the challenge of transforming the workforce?

Most technical problems can be solved, it’s just a question of budget and time. People are a little trickier. They’re inconsistent, they don’t say what they mean. It’s just very different to writing code, which is a fairly linear process and you can see where you’ve gone wrong. People have different levels of self-awareness which can make that even harder.

Some people will know that they feel threatened and unsettled by change and are able to articulate that. Other people don’t recognise it in themselves and it can manifest itself in some unhelpful behaviours.

People don’t behave at their best when they feel threatened. With transformation, people can feel disempowered; they might feel that they’re losing some authority, they just might understand where they fit in the future, they might have had their eye on a particular role as part of their career progression and then there’s the age-old problem that we’ve always had with rolling out more technology, which is that people feel that their job security is threatened. Roles evolve. Companies change. Each person has to be responsible for future- proofing their own skills.

How do you get the board onboard?

It’s one thing to deliver a high-level strategy, but another to explain all the bumps in the road to getting there. I’ve spoken alongside some of the senior people in meetings with government departments and it’s not uncommon to hear ‘We’re just not ready for it yet.’ It comes down to just getting started.

You’re not going to be able to achieve all of it all at once, but if you just get started you’ll start seeing results. Also, having top level business sponsors onboard, especially across the defence space, wins hearts and minds from uniform personnel. Some of the IT people are uniform. If it comes from them, it’s different to it coming from a contractor or a supplier. Getting that sponsorship I think makes a huge difference to success.

What about in diversity? Does having women leaders attract other women into tech?

I was a student member of BCS in ’94, graduated and joined BCS Women. I think it was Sue Black who set it up - who has done some amazing things for women in tech.

Seeing women in tech meant a lot to me, because I was the only girl who graduated in computer science and maths that year at Manchester University - and it’s a huge university. When I started work, there were female programmers but there weren’t that many who had come from a computer science background. Even so, it was good to know that you’re not alone.

Working in the engineering industry, lots of people have professional accreditation, so it was important for me to go through CITP and later, I was invited to become a fellow of BCS. To bring it back to women in IT, I’ve noticed that there’s a trend on social media where some women were being criticised for being immodest because they used their doctor or professor titles.

The BCS Women’s twitter feed has #ImmodestWomen in it, so I made a point of putting it on my LinkedIn profile. You’ve invested so much time in getting professional status and qualifications, you should be proud of your achievement.

How do you encourage more women into the IT industry?

It’s important to know, it’s not just about being a coder. Yes, coding is great - I enjoyed my time as a coder and I don’t think people should be put off, because even if you start there, you don’t have to be a coder forever - you can move around. Just look at the sheer variety of jobs there are in IT. If I could talk to the whole world about the tech industry, I’d like to set some records straight about the sheer number of roles available. It’s not just about code.

Do women lack confidence to go into a male dominated world?

There’s a fallacy that women lack confidence. I don’t think women lack confidence, I think sometimes the way we express ourselves is interpreted differently by other people. So, rather than saying ‘yes,’ we might say, ‘I don’t know how, yet.’ The person hearing that could think we lack confidence, when it’s just that the way the response has been articulated is different and perceived differently. I have quite a strong reaction to anything which is around fixing the confidence gap in women. I don’t think it’s a confidence gap that women have, I think the world lacks confidence in women.