Book Review: The Phoenix Project

A review of Gene Kim, Kevin Behr & George Spafford’s “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win” .
The Phoenix Project should be on every entrepreneur’s reading list and is a C-level executive’s “Aesop’s Fable on why IT matters”. The book bills itself as “A Novel About IT, DevOps, and Helping Your Business Win”, but its message is more fundamental: a business cannot succeed when its IT fails.
The Phoenix Project has a convincing and captivating style. So much so that I found myself at times transported back into the office via the experiences of the book’s protagonist, Bill Palmer. Bill is the fictional Director of Midrange Technology Operations at an automotive parts company named “Parts Unlimited”. He’s a former military man who wants to do the right thing for himself, his family, and his co-workers. We catch up with him at the moment when his career is given an unexpected boost: he is called into the CEO’s office and “voluntold” (a brilliant term popularized by Security Weekly’s Jack Daniels) to shepherd the life-saving project of the company, dubbed “Project Phoenix”, to successful implementation. Bill is given what is essentially an opportunity to not just fail, but fail spectacularly. He’s constantly fighting the battles many IT departments face: poor planning, rushed implementations, an adversarial relationship with both Security and Auditing, as well as project managers that demand their specific pet projects be everyone’s main priority. Except now he’s being promoted to VP of IT Operations after the last CIO and VP have been removed, putting himself in the line of fire.
While I am nowhere near a position of responsibility such as Bill’s, I could completely identify with his feelings as he worked through one outage after another: frustrated, tired and annoyed at dealing with a completely avoidable problem. During the course of the book, Bill is thrown into various emergencies and IT catastrophes, only to ask himself “How did things get so out of control?” Fortunately, just like the Security Weekly crew’s favorite martial arts tales, Bill (and the reader) is shown down the path to enlightenment via the “Three Ways” by a quirky, rude and mysterious ‘master’ named Erik Reid.
Erik describes the Three Ways as follows:
“The First Way helps us understand how to create fast flow of work as it moves from Development into IT Operations, because that’s what’s between the business and the customer. The Second Way shows us how to shorten and amplify feedback loops, so we can fix quality at the source and avoid rework. And the Third Way shows us how to create a culture that simultaneously fosters experimentation, learning from failure, and understanding that repetition and practice are the prerequisites to mastery.”
However, before Bill can learn the Three Ways, Erik puts Bill on the path to breaking the constant cycle of Reactive IT with a simple question: “[What] exactly, is your definition of ‘work?'” It’s a question that Bill initially struggles with, but is the key to his voyage of self-discovery. Bill moves through various obstacles in the book towards learning the Three Ways and the book does a great job of showcasing typical scenarios many IT workers find themselves in and how the Three Ways can keep projects and work from becoming unmanageable.
Having recently read “Visible Ops Security” by two of the three authors of “The Phoenix Project”, I came away with a more comprehensive appreciation of the Visible Ops’ lessons after finishing the novel. Via the book, I took the journey along with Bill, rather than feeling like I had been lectured. If you feel that your IT operations are a constant treadmill of poor planning and hurried execution, The Phoenix Project is an enjoyable 330 pages that shows us how to turn our shops from Reactive IT to helping the business win. To hear more on this topic and get more info on the book, be sure to catch Gene on Episode 316 of Security Weekly at 6PM this Thursday January 17th!