Time
3 hours 55 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:01
Hello. Welcome to Module six. The conclusion of the agile course
00:08
In Model Six, we have three lessons. The applications of agile, the cyber security, the applications to enterprise project management and the conclusion because after all,
00:21
I have to address cybersecurity, cause this is a cybersecurity focus website. Um,
00:26
and my previous course was enterprise I t projects or enterprise project management. And I want to make sure that I, uh, circle the wagons on that a little bit
00:36
and then, of course, go through the conclusion.
00:39
So I'm your instructor cane, and we will go ahead and get started with less than 6.1.
00:46
The lesson 6.1
00:48
is the applications of agile to cybersecurity.
00:53
So one of my rules is instructor of cybersecurity here at a local college
00:59
and
01:00
probably the most sought after courses information, security, management. And that's where we teach the schism basically framework for I Sacha.
01:11
And one of the things that I noticed pretty early on waas
01:17
Basically
01:18
I sack ago, that agile so
01:22
they don't call it that the framework and whatnot in their current version, which I believe is the 15th edition,
01:30
um,
01:33
doesn't necessarily focus and use the same terminology. But it's the same techniques, right? So
01:40
implementing a security program
01:44
into an organization is often like into building the train track while the train is moving right.
01:51
If you were hired as, ah, the information security officer for an organization
01:57
Day one, you can't go in there and sale. I'm gonna build a program, and we're just gonna not do anything cybersecurity related for the next 12 24 months while I build this security framework
02:08
and security program
02:10
that isn't making any sense.
02:13
So
02:15
when you show up,
02:16
there are cyber threats that exists. Day one.
02:21
You have to mitigate those. You have to manage those cyber threats, while at the same time you have to develop an effective cybersecurity program that does your risk assessments that has the the risk mitigation programs incident response all of those things that
02:39
I sacha talks about.
02:44
So in essence,
02:46
if you think about it from an agile terminology, what you have to do
02:50
is you show up with sort of a minimum viable product being what exists today, and then you have to develop a security program that meets the needs of tomorrow. But while you're meeting the needs of tomorrow. You have to do innovative development because
03:07
there are security threats that exist today
03:10
that you have to address. So where of this is, um,
03:16
talks a lot about? I believe it's Chapter three, but I haven't practiced that particular book in a couple of months.
03:23
Only Father this Chapter three.
03:27
They talk a lot about impact. Focus. So when you're developing a security program, you want to be impact focused. What are the biggest impacts to the organization of a particular cyber security threat?
03:39
And again, if you'd look at the agile talking points, what do we talk about? We talk about value, business value, bringing value to the organization
03:52
well, if the security folks are talking about
03:57
speaking the language of the business owner by talking about the impacts of cybersecurity breaches, that's not
04:05
too far removed
04:08
from the agile focus of talking about bringing value to the organization. So
04:13
there's a lot of terminology that's different, but a lot of the foundational requirements and knowledge that's the same.
04:21
So that's why I make the argument that cyber has gone agile at this point.
04:26
In addition,
04:28
as these enterprise security programs
04:31
become more expensive because, honestly, they are that they're not cheap.
04:36
They
04:38
invite more oversight like we talked about in a previous video. One of the challenges with Agile is this idea that there's a big black hole, but I pour money into and I don't get it. I don't understand where I get my return on my investment.
04:53
While when the when the security program for organizations was small,
04:58
it didn't have a lot of oversight. There was not a lot of need for that type of structure because the investment dollars,
05:06
we're not high enough to invite that oversight. Well, here we are, 2000 and 20
05:15
and there's definitely more oversight. Security is expensive. Cybersecurity is the number one threat facing most organisations today,
05:24
and it's expensive to prevent more mediate to do those risk assessments.
05:31
And so the business owners are going to want to know and understand.
05:36
Where is that money going? Why am I spending that money so as asses Oh, or information security manager, you have to be able to
05:45
have those conversations with the business owners and again, this is a manual.
05:50
It really talks about that quite a bit. It's actually whatever 25% of the book.
05:56
But what they're not doing is leveraging the concepts of agile project management.
06:03
So what they're
06:05
struggling with today
06:09
is the exact same problem
06:12
that software developers had in the 19 eighties and 19 nineties. If you remember from the first couple of videos we went over the history of Agile. Where this problem came to a head
06:23
is when organisations significant value in those organizations was in their software development programs, a significant
06:33
r a y a significant source of their revenue, however you want to look at it was in these new software products that they were building.
06:44
Therefore, all of a sudden they became the business owners and the chief executives. The C suite became very interested in What are these software people doing?
06:53
And that's where you ended up with a system development methodologies, so that there was a way for the management folks to understand what the software folks were doing
07:05
Fast forward 2030 years,
07:09
and we're right back to square one.
07:13
The cybersecurity field is new. Dynamic is growing. It's important. I'm not belittling anything that they're going through right now because it is a very, uh,
07:21
dynamic field and it changes daily. What they're experiencing today is what the software developers of the nineties and two thousands experience experience experienced.
07:33
So they're starting to adopt
07:36
project management methodologies and project management roles. Because they have to have is a methodology
07:46
to
07:47
structure their activities as these investment costs rise.
07:53
Eso in quite frankly,
07:56
if you have a cybersecurity background in cyber security certifications and
08:03
you have project management, knowledge, experience, experience and certifications,
08:09
you're like a uniform, their extreme there in extreme demand right now.
08:15
So if you happen to come from the cybersecurity background and you're taking this course in order to gain some knowledge about project management, you're in the right place.
08:22
If you're experienced product manager that's looking to try and break into the cybersecurity field, guess what? You're in the right place. It is very, very small world where both of those skill sets overlap. So that's where the application of this type of technology, tool set and methodology
08:43
come into play.
08:45
Oh,
08:50
no.
08:52
So in today's video, we talked about agile in cybersecurity
08:56
and enterprise projects in cybersecurity, which are actually kind of the same thing. But it's this idea that
09:03
cybersecurity pro projects and programs today are enterprise programs. And agile is this idea of building the train track while the train is moving and that it speaks very directly to cybersecurity. So I want to thank you for your time and I will see you in the next video.

Up Next

Agile Project Management

This course will introduce the history, applicability, and techniques used in various Agile project management methodologies. Agile has become one of the fastest growing and most popular project management methods throughout IT.

Instructed By

Instructor Profile Image
Kane Tomlin
Executive Consultant at FDOT, Professor
Instructor