We have begun the content migration to the new website based on the Kentico 10 platform. Dual-entry of items is required for content which has migrated. For details see the migration status page.

Get certified - Transform your world of work today


Evil Hacker Prioritization

New Product Owners often struggle with assigning a priority and business value to Product Backlog Items.  A common refrain is “all my PBI’s are must-have! And they’re all maximum value!”

In a recent coaching session with one such Product Owner, we came up with a useful “thought experiment” for getting to clarity on this.

“Imagine it’s the day before release, and we discover that an evil hacker has broken into our system and installed ‘ransomware’ that disables a single Product Backlog Item. Which PBI would you choose?” The Product Owner thought for a moment, and picked one. He commented, “it’s sure a lot easier to decide what my lowest value feature is than my highest!”

We continued with the thought experiment. “Now, you receive a ransom demand from the evil hacker – if you pay it, the PBI you just chose will be unlocked. So what’s the most you’d pay to get it back?”

The Product Owner was unsure of the exact amount, so we grabbed a pack of Planning Poker cards and said, “One point equals a thousand dollars. Pick the card that is the highest amount you’d pay to get the feature back.”

The Product Owner picked a card, and we recorded this “ransom value “ in the Product Backlog.

We continued: “Unfortunately, the evil hacker rejects your offer, and out of anger, he disables another PBI. Which one would you choose next?” We repeated the cycle one by one, until there were no more PBI’s remaining.

It was very interesting to see how much easier the Product Owner found it to identify the lowest value item on the Product Backlog, and prioritize from the bottom to the top, rather than vice versa. And the “ransom” value turned out to be conceptually an easier way to zero in on the business value of each of the Product Backlog Items.

Article Rating

Current rating: 5 (5 ratings)
To leave a comment, please login with your scrumalliance.org credentials.
Paul Silcox
That's an interesting take on asset evaluation (Availability portion of the IA triad).

If you are interested I published a paper at the University of Oxford in 2013 (as part of an MSc thesis) to integrate cyber security into Agile.

Should anyone wish to have sight I'd be more than happy to pass it on. Please drop me a line via the contact form on my website.


5/11/2015 4:18:43 AM

Rohan Bhokardankar
Innovative approach Pete.

Most Product owners feel everything should be accomplished.
I am working on various techniques to break the user story, so that team can deliver incremental business value. For now have succeed in convincing the PO to give rating 1 to 5 for BV
4/8/2015 8:43:43 AM

Arjun Ghosh
A very interesting approach and solution.
3/27/2015 5:54:06 AM

Jessica Prabhakar
Awesome tips Pete. Thankyou!
3/20/2015 4:21:32 AM

Harshad Chandre
This indeed is a great way to prioritize the product backlog.
3/4/2015 4:58:17 PM

Pete Deemer
Thanks Jocelyn, glad you liked it!
2/26/2015 2:56:26 PM

Jocelyn Morris
Great read. So often the Product Backlog can be the point of failure when trying to get the Product Owner to prioritize PBIs, especially when the methodology is new.
2/25/2015 6:05:59 PM


Newsletter Sign-Up