DeepSec 2015 Talk: Agile Security – The Good, The Bad, and mostly the Ugly – Daniel Liber
Particle collisions are a rich source of insights into the inner workings of Nature. Physicists know this. The Large Hadron Collider (LHC) built by the European Organization for Nuclear Research (CERN) demonstrates this to the extreme. You can do the same in information security if you lock developers and security experts into a room. Acceleration can be achieved by asking for the best way to implement security. Analyse the high-energy trails of heated arguments to gain new insights. This recipe works best with certain models of software development. Daniel Liber will show you the results of the collisions and tell you what you can learn about security with a specific software development methodology.
Moving away from Waterfall and traditional development processes towards Agile methodologies has become more and more popular recently. Talking about sprints, looking at task boards, grooming backlogs – these terms are heard almost everywhere. However, the integration of security into Agile processes is not as smooth as one might think. It is still sometimes left at the level of a ‘high level’ talk, leaving security experts scratching their heads trying to understand how to adapt their security practices.
This talk will help security engineers, developers and product owners understand both technical and operational security in Agile. Removing bottlenecks from security processes, eliminating security risks hidden inside Agile methods, increasing the visibility of security tasks, and performing the traditional security duties at a faster, more efficient pace – all of this will be covered in the talk, preventing possible failures and unexpected faults in your SDLC.
Bear in mind that the development of software can start with a few lines of code. So we recommend Daniel’s presentation for everyone developing code or designing products. Best to bring your whole team to the talk. Few applications are created by single developers these days.
Daniel Liber is the R&D security leader at CyberArk, a leading company in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Previously he worked as an application security consultant for Comsec Consulting, working with customers from industries such as banking, finance, telecom and government offices. Daniel also served as a principal security team leader at Bank Leumi (Israel), focusing on building secure mobile and web applications. Aside from lecturing at OWASP conferences and providing security training sessions on various topics, Daniel is enthusiastic about security communities, exchanging ideas for research and promoting security, step by step.