Agile IT Security – What does your IT Security Roadmap look like?

December 28, 2018 | Views: 4905


We Agile enthusiasts don't like big projects. Instead, we like to split a big objective or goal into Epics and Features. If you are managing things well, you will eventually end up with a product Roadmap. A Roadmap tells you broadly what features will be delivered and when. For a long time now, Scrum Masters and Product Owners have been using Roadmaps to communicate their project and product plans. At Daniels Solutions we have trialed and tested this in the IT Security domain and have found it to be highly effective.


In traditional Agile theory, a Product Roadmap describes how a product is likely to grow across several product releases. Scrum Masters work hard to ensure that what they deliver on a month-by-month basis aligns with the organisational objectives, hence these objectives can easily be presented via a Roadmap. At a minimum the Roadmap should look at least 3-6 months into the future, and should contain broad target dates for when features will be delivered.

Figure: Product Roadmap and Product Backlog

From an IT Security perspective, a Roadmap will consist of the key deliverables that you will achieve during the next 3-6 months. This will include things like completing Privacy Impact Assessments, reviewing and updating supplier contracts, updates or upgrades of systems that are out of support, implementation of specific security controls, and completion of Overview Security Documentation, and the list goes on…

Figure: IT Security Roadmap

The above example is very simple, but it still demonstrates the key features of a security roadmap and its effectiveness.


A Roadmap is a powerful tool and should be used by IT Security professionals. We have summarised the key benefits below.


  1. Simple and effective communication of your high-level goals, which serves Directors, IT Security staff on the ground, and other teams.
  2. A Roadmap is always designed in a simple way, so it requires little effort to modify where required.
  3. Helps with prioritisation of security objectives.
  4. Unburdens the Security Managers from numerous stakeholder update meetings, and allows them to focus on delivery of the security deliverables.
  5. Helps as a tool to acquire budget, as it focusses on the deliverables and benefits.