Agile practices for security teams


Description of session

The session considered how agile methodologies benefit the development lifecycle, and how security should and could be approached in the same, or a similar, way.


Backlog | Backlog
Priorities | Priorities
Risk of not doing S | Not as such
Reacting to change | More strategic, less agile
Scaling is easy | Not scalable
Automation is easy | Difficult to automate
Continuous risk management and threat modelling

For SiA | For AiS
Playbooks with security requirements | Incident response
Sec requirements over Sec stories | Reserved points
Link discovery phase with analysis | ITIL (IT Infrastructure Library)
Educate Devs on Threat Modelling | Prioritize between reacting to incident vs. finishing the task
Security expectations known (ASVS) |
Triggers for checks before coding begins |
Decision for the right triggers based on predefined rules |
