Ready to Start Your Career?

Agile IT Security – What does your IT Security Roadmap look like?

jdthbear's profile image

By: jdthbear

December 28, 2018

Us Agile enthusiasts don’t like big projects. Instead, we like to split a big objective or goal into Epics and Features. If you are managing things well eventually you will end up with a product Roadmap. A Roadmap tells you broadly what features will be delivered and when. For a long time now, Scrum Masters and Product Owners have been using Roadmaps to communicate their project and product plans. At Daniels Solutions we have trialed and tested this in the IT Security Domain and have found it to be highly effective.


So from traditional Agile theory a Product Roadmap describes how a product is likely to grow across several product releases. Scrum Masters work hard to ensure that what they deliver on a month by month basis aligns with the organisational objectives, hence these objectives can easily be presented via a Roadmap. At a minimum the Roadmap should look at least 3-6 months in the future, and shou

Product Roadmap and Product Backlog

ld contain broad target dates for when features will be delivered.

So from an IT Security perspective a Roadmap will consist of the key deliverables that you will achive during the next 3-6 months. This will include things like completing Privacy Impact Assessments, reviewing and updating supplier contracts, updates or upgrades of systems that are out of support, implementation of specific security controls, and completion of Overview Security Documentation, and the list goes on…

IT Security Roadmap.PNG

The above example is very simple. But still demonstrates the key features of a security roadmap and its effectiveness.


A Roadmap is a Powerful tool and should be used by IT Security professionals. We have summarised the key benefits below.


  1. Simple and effective communication of your high level goals which serves both Directors, IT Security staff on the ground, as well as other teams.
  2. A Roadmap is always designed in a simple way so requires little effort to modify where required.
  3.  Helps with prioritisation of security objectives
  4. Unburdens the Security Managers from numerous stakeholder update meetings, and allows them to focus on delivery of the security deliverables
  5. Helps as a tool to acquire budget as it focusses on the deliverables and benefits
Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry