Applications to Cybersecurity

Time
3 hours 55 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:01
>> Hello and welcome to Module 6,
00:01
the conclusion of the Agile course.
00:01
In Module 6, we have three lessons,
00:01
the applications of Agile to cybersecurity,
00:01
the applications to
00:01
enterprise project management and the conclusion.
00:01
Because after all, I have to address
00:01
cybersecurity because this is
00:01
a cybersecurity-focused website.
00:01
My previous course was
00:01
enterprise IT projects or enterprise
00:01
project management,
00:01
and I want to make sure that
00:01
I circle the wagons on that a little bit,
00:01
and then, of course, go through the conclusion.
00:01
I'm your instructor Kane,
00:01
and we will go ahead and get started with Lesson 6.1.
00:01
Lesson 6.1 is the applications of Agile to cybersecurity.
00:01
One of my roles is
00:01
instructor of cybersecurity here at a local college.
00:01
Probably the most sought after
00:01
course is information security management.
00:01
That's where we teach the CISM,
00:01
basically, framework for ISACA.
00:01
One of the things that I noticed pretty early on was,
00:01
basically, ISACA has gone Agile.
00:01
They don't call it the
00:01
framework and whatnot in their current version,
00:01
which I believe is the 15th edition,
00:01
doesn't necessarily focus and use the same terminology,
00:01
but it's the same techniques.
00:01
Implementing a security program into
00:01
an organization is often likened
00:01
to building the train track while the train is moving.
00:01
If you were hired as
00:01
the information security officer for an organization,
00:01
day 1, you can't go in there and say, oh,
00:01
I'm going to build a program,
00:01
and we're just going to not do anything
00:01
in cybersecurity related for
00:01
the next 12-24 months while I build
00:01
this security framework and security program.
00:01
Doesn't make any sense. When you show up,
00:01
there are cyber threats that exist day 1.
00:01
You have to mitigate those,
00:01
you have to manage those cyber threats.
00:01
While at the same time,
00:01
you have to develop an effective cybersecurity program
00:01
that does your risk assessments that
00:01
has the risk mitigation programs,
00:01
incident response, all of
00:01
those things that ISACA talks about.
00:01
In essence, if you think
00:01
about it from an Agile terminology,
00:01
what you have to do is you show up
00:01
with a minimum viable product being what exists
00:01
today and then you have to develop
00:01
a security program that meets the needs of tomorrow.
00:01
But while you're meeting the needs of tomorrow,
00:01
you have to do iterative development because there are
00:01
security threats that exist
00:01
today that you have to address.
00:01
Where the CISM talks a lot about,
00:01
I believe, it's Chapter 3,
00:01
but I haven't cracked that
00:01
particular book in a couple of months,
00:01
almost positive is Chapter 3,
00:01
they talk a lot about impact focus.
00:01
When you're developing a security program,
00:01
you want to be impact-focused.
00:01
What are the biggest impacts to
00:01
the organization of a particular cybersecurity threat?
00:01
Again, if you'd look at the Agile talking points,
00:01
what do we talk about?
00:01
We talk about value,
00:01
business value, bringing value to the organization.
00:01
Well, if the security folks are talking about speaking
00:01
the language of the business owner by
00:01
talking about the impacts of cybersecurity breaches,
00:01
that's not too far
00:01
removed from the Agile focus
00:01
of talking about bringing value to the organization.
00:01
There's a lot of terminology that's different,
00:01
but a lot of the foundational requirements
00:01
and knowledge that's the same.
00:01
That's why I make the argument that
00:01
cyber has gone agile at this point.
00:01
In addition, as
00:01
these enterprise security programs become more expensive,
00:01
because honestly they are,
00:01
they are not cheap, they invite more oversight.
00:01
We talked about in a previous video,
00:01
one of the challenges with Agile is this idea that
00:01
there's this big black hole that I pour money into,
00:01
and I don't understand where I
00:01
get my return on my investment.
00:01
Well, when the security program
00:01
for organizations was small,
00:01
it didn't have a lot of oversight.
00:01
There was not a lot of need for that type of structure,
00:01
because the investment dollars
00:01
were not high enough to invite that oversight.
00:01
Well, here we are,
00:01
2020, and there's definitely more oversight.
00:01
Security is expensive.
00:01
Cybersecurity is the number 1 threat
00:01
facing most organizations today,
00:01
and it's expensive to prevent,
00:01
remediate, to do those risk assessments,
00:01
and so the business owners are going
00:01
to want to know and understand,
00:01
where is that money going?
00:01
Why am I spending that money?
00:01
As a CSO, or information security manager,
00:01
you have to be able to
00:01
have those conversations with the business owners.
00:01
Again, this is a manual,
00:01
really talks about that quite a bit.
00:01
It's actually whatever 25 percent of the book.
00:01
But what they're not doing is leveraging
00:01
the concepts of Agile project management.
00:01
What they're struggling with today is
00:01
the exact same problem that
00:01
software developers had in the 1980s and 1990s.
00:01
If you remember from the first couple of
00:01
videos when we went over the history of Agile,
00:01
where this problem came to a head,
00:01
is when significant value
00:01
in those organizations was
00:01
in their software development programs.
00:01
A significant ROI,
00:01
a significant source of their revenue,
00:01
however you want to look at it,
00:01
was in these new
00:01
software products that they were building.
00:01
Therefore, all of a sudden,
00:01
they became the business owners
00:01
and the chief executives,
00:01
the C-suite, became very interested in,
00:01
what are these software people doing?
00:01
That's where you ended up with
00:01
system development methodologies,
00:01
so that there was a way for
00:01
the management folks to
00:01
understand what the software folks were doing.
00:01
Fast-forward 20-30 years,
00:01
and we're right back to square 1.
00:01
The cybersecurity field is new,
00:01
dynamic, is growing, it's important.
00:01
I'm not belittling anything
00:01
that they're going through right now,
00:01
because it is a very dynamic field,
00:01
and it changes daily.
00:01
But what they're experiencing today is what
00:01
the software developers of
00:01
the '90s and 2000s experienced.
00:01
They're starting to
00:01
adopt project management methodologies
00:01
and project management roles because they have to have
00:01
a methodology to structure
00:01
their activities as these investment costs rise.
00:01
Quite frankly, if you have
00:01
a cybersecurity background
00:01
and cybersecurity certifications,
00:01
and you have project management
00:01
knowledge, experience,
00:01
and certifications, you're like a unicorn.
00:01
They're in extreme demand right now.
00:01
If you happen to come from
00:01
the cybersecurity background and you're taking
00:01
this course in order to gain
00:01
some knowledge about project management,
00:01
you're in the right place.
00:01
If you're an experienced project manager that's
00:01
looking to try and break into the cybersecurity field,
00:01
guess what, you're in the right place.
00:01
It is a very small world
00:01
where both of those skill sets overlap.
00:01
That's where the application of this type of technology,
00:01
toolset and methodology come into play.
00:01
In today's video, we talked about Agile in
00:01
cybersecurity and enterprise projects in cybersecurity,
00:01
which are actually the same thing,
00:01
but it's this idea that
00:01
cybersecurity projects and programs
00:01
today are enterprise programs,
00:01
and Agile is this idea of
00:01
building the train track while the train is moving,
00:01
and that it speaks very directly to cybersecurity.
00:01
I want to thank you for your time,
00:01
and I will see you in the next video.