As you know, it helps usability a lot to work closely with users. What I’ll say here is that working with users helps other -ilities too. I’m defining usability as UI, human-computer dialogue, and functionality. I think it’s clear that working with users contributes greatly to these things already. Let’s now look at the “hard” non-functional requirements that are usually thought of as being intricately tied to inanimate objects.

Performance (Veloc-ity!): Why tune some code if the user hasn’t asked for it? Because you found a cool new pattern on theserverside and decided you’d get a big performance boost? It’s probably a waste of time if your users aren’t feeling the pain. Know your users, and you’ll know what, if anything, needs optimising.

Resilience (Reliabil-ity + Saf-ity): Again, it’s common to assume this comes down to measures like uptime. Not true. Your users can direct your work by telling you which aspects they value the most. Maybe your users are willing to have the system go down for ten minutes a night if it means performance improves for the rest of the day. Maybe they need the UI to be always on, but back-end messaging can be delayed. Knowing this information can save a lot of headaches and help deliver value where users really need it.

Maintainability: + Flexibility:** Understanding users and their needs can help you to understand the sort of things that will change later on. If you’re following a purely agile approach, that probably won’t apply. For everyone else, if you’re going to guess, make it accurate.

Security: Security and usability is one big pair of conflicting forces. The classic example is the password policy: make it too lenient, and you’ve broken security. Make it too hard, and you’ve got a post-it note on the user’s monitor. Security has long been recognised as a holistic discipline, involving a consideration of physical spaces, workflow, staff hierarchies, and so on. Would it make a difference if you saw that the application was only used inside a heavily guarded machine room, isolated from any network, versus an internet-enabled system that can be accessed from any PC? It should! That’s a slightly extreme example, but there are many details about security that can be picked up by working with users.