Agile practices for security teams


Description of session

The session considered how agile methodologies benefit the development lifecycle, and how security should and could be approached in the same, or a similar, way.


| Risk of not doing S | Not as such |
| Reacting to change | More strategic, less agile |
| Scaling is easy | Not scalable |
| Automation is easy | Difficult to automate |
| Continuous risk management and threat modelling | |

| For SiA | For AiS |
| Playbooks with security requirements | Incident response |
| Sec requirements over Sec stories | Reserved points |
| Link discovery phase with analysis | ITIL (IT Infrastructure Library) |
| Educate Devs on Threat Modelling | Prioritize between reacting to incident vs. finishing the task |
| Security expectations known (ASVS) | |
| Triggers for checks before coding begins | |
| Decision for the right triggers based on predefined rules | |
