Does Agile Make Us Less Secure?

GOTO Conferences via YouTube

Overview

Explore the intersection of agile methodologies and cybersecurity in this thought-provoking conference talk by independent cybersecurity expert Michael Brunton-Spall. Delve into the tension between agile practices and traditional security approaches, and discover practical solutions for integrating security into agile workflows. Learn about the complexities of modern systems, the importance of team-based decision making, and how to apply ISO 27001 controls in an agile environment. Gain insights on misuse cases, security debt management, and the benefits of regular releases for risk reduction. Understand why infrastructure as testable code and efficient patch management are crucial in today's development landscape. Challenge the notion that agile practices compromise security and leave with actionable strategies to enhance both agility and cybersecurity in your organization.

Syllabus

Intro
What is agile?
Individuals and Interactions over process and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
A process for assuring the preservation of confidentiality, integrity and availability of information
Criminal users on the internet
Platform Capitalism
Advanced Persistent Threats
Change control
Complexity theory
Simple Systems - A bike
Complicated systems - A car
Complex Systems - Traffic
Microservices and security
"Software that can fit in my head" James Lewis
Small systems focused on one business domain
Business based
Contracts for communication
Simple services with clear boundaries
Security must be an enabler for the team
The unit of delivery is the team
The unit of decision making is the team
Appoint a suitably senior and empowered decision maker
Workshop with whole team
Misuse cases
Applying ISO 27001 controls in agile
4 mechanisms: Avoid, Mitigate, Transfer, Accept
6 Controls: Deter, Prevent, Correct, Recover, Detect, Compensate
Record decisions against stories
Record deferred security debt
Security bugs are not evenly distributed
Product Owner/Service Manager is in control
Regular releases reduce risk
Infrastructure as testable code
Dealing with patches
One Government service released code once every 6 months
1 day = 4 years of practice
Summary
Agile doesn't make us less secure

Taught by

GOTO Conferences
