How to add security in an agile process
DESCRIPTION
Are you involved in defining security requirements? Are you close enough to the stakeholders and the product owner to share the risks and obtain priority for them? In my experience, the InfoSec people must be part of the agile teams. Regarding design: the InfoSec people need to focus on security product engineering, reviewing the security design and defining all security requirements. Regarding coding: the software should be tested by several engines, possible security coding issues should be fixed, and a rugged software process should be put in place. Regarding release/delivery: the InfoSec people need to provide hardening for each solution tested, along with possible security automations. In any case, be part of the team.
TRANSCRIPT
In the chickens' land, is the one doing security a pig?
“I'm founder and work on atomsec.com.br”
Hi, I’m @brunomottarego
Agile: what's that?
SCRUM
SCRUM Team
Chicken and Pigs
What they think about security?
Challenges
schedule, scope, and budget
Security is not a feature
Challenges
A security feature is different from a secure feature
Challenges
Security is not a deliverable in a project plan
Challenges
Security is not only a penetration test
Challenges
Security is not “phase 2”
Challenges
Security is a state of mind, a state of being;
it is a mentality
Challenges
What does it take?
Step 1 be a pig.
Step 2 educate stakeholders.
Step 3 define a security advisor.
Step 4 automated testing.
(security, unit and acceptance testing)
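Step 4 calls for security checks to run as ordinary automated tests beside the unit and acceptance tests. The following is an added example, not code from the talk or from atomsec: it assumes a hypothetical application with a response builder and a user-creation function, and writes two security checks against them (required HTTP security headers present and not weakened; passwords stored only as salted PBKDF2 hashes, never in plaintext) that a CI job can fail the build on.

```python
"""Added example (not from the talk): security checks written as ordinary
automated tests so they run in the same pipeline as unit and acceptance tests.
build_response() and create_user() are hypothetical stand-ins for the team's
real application code."""
import hashlib
import hmac
import os
from typing import Optional

# --- hypothetical application code under test --------------------------------

REQUIRED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

def build_response(body: str, extra_headers: Optional[dict] = None) -> dict:
    """Hypothetical HTTP response builder: attaches the security headers,
    but lets a handler override them (which is exactly what the test must catch)."""
    headers = dict(REQUIRED_HEADERS)
    headers.update(extra_headers or {})
    return {"status": 200, "headers": headers, "body": body}

def create_user(username: str, password: str, salt: Optional[bytes] = None) -> dict:
    """Hypothetical user record creation: stores a salted PBKDF2 hash, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"username": username, "salt": salt.hex(), "pw_hash": digest.hex()}

def verify_password(record: dict, password: str) -> bool:
    """Recomputes the hash with the stored salt and compares in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), 200_000)
    return hmac.compare_digest(digest.hex(), record["pw_hash"])

# --- security checks written as automated tests -------------------------------

def missing_security_headers(response: dict) -> list:
    """Acceptance-level check: which required headers are absent or weakened?"""
    return [name for name, value in REQUIRED_HEADERS.items()
            if response["headers"].get(name) != value]

def password_is_stored_safely(record: dict, password: str) -> bool:
    """Unit-level check: the plaintext must not appear anywhere in the stored
    record, and the stored hash must still verify the correct password."""
    leaked = any(password in str(value) for value in record.values())
    return (not leaked) and verify_password(record, password)

def run_security_suite() -> dict:
    """Runs every check and returns a summary a CI job can fail the build on."""
    results = {}
    results["headers_ok"] = missing_security_headers(build_response("hello")) == []
    # A handler that weakens CSP to allow any origin must be flagged.
    weak = build_response("hello", {"Content-Security-Policy": "default-src *"})
    results["weak_csp_detected"] = (
        "Content-Security-Policy" in missing_security_headers(weak))
    secret = "correct horse battery staple"  # constructed sample password
    record = create_user("alice", secret)
    results["password_ok"] = password_is_stored_safely(record, secret)
    results["wrong_password_rejected"] = not verify_password(record, "wrong")
    return results

if __name__ == "__main__":
    for name, ok in run_security_suite().items():
        print(f"{'PASS' if ok else 'FAIL'}: {name}")
```

The point of the design is that a security requirement ("every response carries these headers", "no plaintext credentials at rest") becomes a test with the same lifecycle as any other acceptance test: it is written when the story is taken on, runs on every build, and turns a regression into a red pipeline rather than a finding in a later penetration test.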
Thank you!
We have to make software run, and make it run securely and better.
@brunomottarego