cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer II

Re: Security integration into Agile, Scrum,

I started in my shop under waterfall however we have since changed to agile. In both scenarios, our information protection and change management teams were the key security enforcers across the corp. It is difficult for me to say Agile methodology integrates security by nature because it really is up to the development and business teams making it a priority in the form of Epic/Features/User Stories. Fortunately for us, our Information Protection team has started enforcing business and IT stakeholder sign-off on significant risks. We still use the same security assessment processes regardless of methodology. This has helped the development and business teams stay engaged with security in mind as it applies to everyone not only developers/IT.

Contributor II

Re: Security integration into Agile, Scrum,

I bought that O'Reilly book last week and read most of it. It definitely helped me think about things within the context of agile, that's for sure.
-- wdf//CISSP, CSSLP
Highlighted
Newcomer III

Re: Security integration into Agile, Scrum,

You could scrape job boards for types of roles such as developer or devops and build a word cloud to show no one gives a hoot for secure anything, and if enterprises are not demanding it, then they surely are not building it securely.