“As a Database I want to receive input from x system.”
I’ll never forget seeing that user story in a defense project. A team so committed to following Agile “best practices” that they turned their database into a character with wants and needs.
This absurd example reveals something deeper about how organizations approach standardization. Following best practice standards helps absorb learning from a pool of professionals, providing a generic framework or blueprint.
But what organizations fail to see is the requirement for customization and applying flexibility to make it work for their teams.
The cost of this blindness runs deeper than most leaders realize. There’s a high cost associated with implementing best practice which may not be appropriate for client profile or budget.
In defense and intelligence contexts, this cost becomes existential.
The Context Collapse Problem
I’ve seen projects where agile scrum has been applied without flexibility. Business analysts and development teams try to fit technical stories into user story format, creating linguistic gymnastics that obscure rather than clarify.
The database user story represents a perfect example of forcing methodology over meaning. When teams prioritize format over function, they lose the very benefits the methodology was designed to provide.
Research confirms this pattern. Agile transformation failures occur in 47% of cases, with 77% being Scrum transformations specifically.
The problem isn’t the methodology itself. It’s the mechanical implementation that ignores context.
Using cookie cutter practices in an already complex landscape such as defense can lead to more confusion and therefore more time to decipher. Best practice has a cost associated with it and that cost is both financial and security related.
The Security Paradox
Most people think following standards makes things more secure. In defense contexts, the opposite often proves true.
When teams force-fit frameworks into mission-critical systems, they create new vulnerabilities. The “As a Database” thinking creeps into security architectures, where rigid adherence to process matters more than actual protection.
The defense industry struggles with “Taylorist traditions” that conflict with adaptive practices. This creates continuous inflation and delays, impacting national security and human lives.
Cookie cutter solutions assume uniform contexts. Defense operations demand the opposite.
Every threat landscape differs. Every mission has unique constraints. Every system faces distinct attack vectors.
Standardized responses to non-standard problems create predictable weaknesses. Adversaries study your “best practices” too.
The Innovation Trap
Organizations adopt best practices to reduce risk and leverage proven methods. This creates an innovation paradox.
The very frameworks designed to improve performance can constrain organizational learning. Teams become so focused on following the process that they stop questioning whether the process serves the mission.
I’ve watched teams spend hours debating whether a technical requirement fits the user story template. Meanwhile, actual security threats evolve faster than their documentation processes.
The Standish Group’s analysis reveals the scope of this waste. 64% of features delivered to customers are never or rarely used, meaning organizations waste 64% of their development resources on unnecessary functionality.
In defense contexts, this waste isn’t just inefficient. It’s dangerous.
The Financial Reality
Digital transformation initiatives suffer from identical problems. Digital transformation success rates tell a sobering story.
Only 20% of organizations achieve more than three-quarters of anticipated revenue gains. Only 17% achieve expected cost savings.
The fundamental issue remains consistent across industries. Companies are generally terrible at enterprise-wide change management because they prioritize process over adaptation.
Template solutions won’t truly scale for specific businesses. A one-size-fits-all methodology makes too many assumptions that may not be relevant to that particular organization.
The financial cost compounds when you factor in opportunity costs. Every hour spent forcing square pegs into round holes is an hour not spent solving actual problems.
The Defense Difference
Defense and intelligence work operates under different rules. Failure doesn’t just mean lost revenue or missed deadlines.
Failure means compromised operations, exposed assets, and potential loss of life.
The stakes demand customization, not standardization. Every client profile brings unique requirements, threat models, and operational constraints.
BAE Systems Digital Intelligence understands this reality. With 450 years of heritage in technical innovation, we’ve learned that protecting what matters most requires adaptive solutions, not cookie cutter approaches.
Our role as a trusted digital mission partner means recognizing when to follow established frameworks and when to forge new paths.
The Path Forward
I’m not arguing against learning from others’ experiences. Best practices provide valuable starting points and proven frameworks.
The key lies in treating them as starting points, not endpoints.
Smart organizations extract principles from best practices while maintaining flexibility in implementation. They ask better questions: What problem is this practice solving? Does that problem exist in our context? What would success look like for our specific situation?
This approach requires more thinking upfront. It demands deeper understanding of your unique context, constraints, and objectives.
But the investment pays dividends in both security and performance.
The database doesn’t want anything. Your users do.
Your mission demands solutions designed for your specific threats, not generic ones borrowed from different contexts.
The hidden cost of best practices isn’t just financial. It’s the opportunity cost of not developing the adaptive capabilities your organization actually needs.
In defense and intelligence work, that cost can be measured in more than money.
