Scope Creep
I’ve always liked the phrase scope creep not the reality of it, just the wording.
Maybe it’s my fondness for zombie films. Whether it’s the slow, inevitable Romero-style shuffle or the newer, faster variants, they don’t announce themselves. You only realise what’s happening when they’re already too close.
That’s exactly how scope creep behaves in technical projects — and why it’s so damaging.
It rarely arrives as a formal decision. Instead, it slips in through side conversations, “small” assumptions, and unclear ownership — until a straightforward migration quietly turns into a transformation.
In security and infrastructure work, migration versus transformation isn’t semantics. It changes architecture, risk, timelines, and commercial commitments. When that distinction isn’t made explicit, the technical team is left trying to reconcile incompatible expectations.
The solution isn’t heroic engineering.
It’s governance.
Pause. Clarify. Write it down.
Clear scope, clear ownership, and phased delivery aren’t bureaucracy — they’re how you stop projects being overrun and protect both delivery quality and customer trust.
I like the phrase.
I just don’t like what happens when no one deals with it early enough.
Curious to hear others’ worst examples of scope creep or, failing that, favourite zombie films?
richsec.blog 