How do you manage your technical and operational security? Do you follow a model? If so, what’s the flavour? Do you borrow concepts from software development? In case you do or you plan to do, then Daniel Liber might have some ideas for you. At DeepSec 2015 he held a presentation about Agile and a possible relation to information security.
Buzzwords about Agile are flying around in overwhelming speed, talks about Scrum, Kanban, XP and other methodologies and practices are thoroughly discussed while security is still left as a ‘high level’ talk, or, sometimes, as understanding how to adapt from traditional development methodologies. Some best practices will leave you scratching your head, unsure what was the original intention and without understanding how to implement security in Agile, effectively.
This talk will help security engineers, developers and product owners and developers understanding both technical and operational security in Agile. Removing bottlenecks of security processes, eliminating security risks hidden inside of Agile methods, increasing the visibility of security tasks, in addition to how to perform the traditional security duties only in a faster, efficient pace – All of this will be covered in the talk, preventing possible fails and unexpected faults in your SDLC.
We would like to hear about your implementation of technical and operational security. Let’s hear them at DeepSec 2016.