Hello. Welcome to Module six. The conclusion of the agile course
In Model Six, we have three lessons. The applications of agile, the cyber security, the applications to enterprise project management and the conclusion because after all,
I have to address cybersecurity, cause this is a cybersecurity focus website. Um,
and my previous course was enterprise I t projects or enterprise project management. And I want to make sure that I, uh, circle the wagons on that a little bit
and then, of course, go through the conclusion.
So I'm your instructor cane, and we will go ahead and get started with less than 6.1.
is the applications of agile to cybersecurity.
So one of my rules is instructor of cybersecurity here at a local college
probably the most sought after courses information, security, management. And that's where we teach the schism basically framework for I Sacha.
And one of the things that I noticed pretty early on waas
I sack ago, that agile so
they don't call it that the framework and whatnot in their current version, which I believe is the 15th edition,
doesn't necessarily focus and use the same terminology. But it's the same techniques, right? So
implementing a security program
into an organization is often like into building the train track while the train is moving right.
If you were hired as, ah, the information security officer for an organization
Day one, you can't go in there and sale. I'm gonna build a program, and we're just gonna not do anything cybersecurity related for the next 12 24 months while I build this security framework
and security program
that isn't making any sense.
there are cyber threats that exists. Day one.
You have to mitigate those. You have to manage those cyber threats, while at the same time you have to develop an effective cybersecurity program that does your risk assessments that has the the risk mitigation programs incident response all of those things that
I sacha talks about.
if you think about it from an agile terminology, what you have to do
is you show up with sort of a minimum viable product being what exists today, and then you have to develop a security program that meets the needs of tomorrow. But while you're meeting the needs of tomorrow. You have to do innovative development because
there are security threats that exist today
that you have to address. So where of this is, um,
talks a lot about? I believe it's Chapter three, but I haven't practiced that particular book in a couple of months.
Only Father this Chapter three.
They talk a lot about impact. Focus. So when you're developing a security program, you want to be impact focused. What are the biggest impacts to the organization of a particular cyber security threat?
And again, if you'd look at the agile talking points, what do we talk about? We talk about value, business value, bringing value to the organization
well, if the security folks are talking about
speaking the language of the business owner by talking about the impacts of cybersecurity breaches, that's not
from the agile focus of talking about bringing value to the organization. So
there's a lot of terminology that's different, but a lot of the foundational requirements and knowledge that's the same.
So that's why I make the argument that cyber has gone agile at this point.
as these enterprise security programs
become more expensive because, honestly, they are that they're not cheap.
invite more oversight like we talked about in a previous video. One of the challenges with Agile is this idea that there's a big black hole, but I pour money into and I don't get it. I don't understand where I get my return on my investment.
While when the when the security program for organizations was small,
it didn't have a lot of oversight. There was not a lot of need for that type of structure because the investment dollars,
we're not high enough to invite that oversight. Well, here we are, 2000 and 20
and there's definitely more oversight. Security is expensive. Cybersecurity is the number one threat facing most organisations today,
and it's expensive to prevent more mediate to do those risk assessments.
And so the business owners are going to want to know and understand.
Where is that money going? Why am I spending that money so as asses Oh, or information security manager, you have to be able to
have those conversations with the business owners and again, this is a manual.
It really talks about that quite a bit. It's actually whatever 25% of the book.
But what they're not doing is leveraging the concepts of agile project management.
struggling with today
is the exact same problem
that software developers had in the 19 eighties and 19 nineties. If you remember from the first couple of videos we went over the history of Agile. Where this problem came to a head
is when organisations significant value in those organizations was in their software development programs, a significant
r a y a significant source of their revenue, however you want to look at it was in these new software products that they were building.
Therefore, all of a sudden they became the business owners and the chief executives. The C suite became very interested in What are these software people doing?
And that's where you ended up with a system development methodologies, so that there was a way for the management folks to understand what the software folks were doing
Fast forward 2030 years,
and we're right back to square one.
The cybersecurity field is new. Dynamic is growing. It's important. I'm not belittling anything that they're going through right now because it is a very, uh,
dynamic field and it changes daily. What they're experiencing today is what the software developers of the nineties and two thousands experience experience experienced.
So they're starting to adopt
project management methodologies and project management roles. Because they have to have is a methodology
structure their activities as these investment costs rise.
Eso in quite frankly,
if you have a cybersecurity background in cyber security certifications and
you have project management, knowledge, experience, experience and certifications,
you're like a uniform, their extreme there in extreme demand right now.
So if you happen to come from the cybersecurity background and you're taking this course in order to gain some knowledge about project management, you're in the right place.
If you're experienced product manager that's looking to try and break into the cybersecurity field, guess what? You're in the right place. It is very, very small world where both of those skill sets overlap. So that's where the application of this type of technology, tool set and methodology
So in today's video, we talked about agile in cybersecurity
and enterprise projects in cybersecurity, which are actually kind of the same thing. But it's this idea that
cybersecurity pro projects and programs today are enterprise programs. And agile is this idea of building the train track while the train is moving and that it speaks very directly to cybersecurity. So I want to thank you for your time and I will see you in the next video.