Time
1 hour 2 minutes
Difficulty
Advanced
CEU/CPE
1

Video Transcription

00:01
Hello and welcome back to revenue protection as a C. So
00:05
in this module we will discuss wise, important for security to be agile
00:10
and challenges to security agility.
00:16
According to a report by Collab Net,
00:19
which has been charting the agile landscape for 13 years, 97% of companies are using agile development.
00:28
So Mr C So, Mrs C. So what does that mean for you? Security must also be agile and taken integrated Approach
00:42
scrum, anyone
00:44
Scrum backlog, sprints burned down. You likely heard your project managers use all of these terms
00:51
to a C. So these can cause anxiety and fear because they're part of your organization. See, I city pipeline or continuous integration and continues delivery, which is never ending. Scrum relies on an agile software development concept. Call Sprints
01:07
of sprints appears of time with software development is actually done.
01:11
A sprint usually last from one week to a month to complete
01:17
an item from the bag log. The goal of East Sprint is to create a sellable products.
01:23
I know a security practitioners we like to I won't say slow roll our reviews of of new products or
01:33
it's cold scans and we want everything to just fall in alignment perfectly. But in this
01:41
see, I see the world, this agile environment of development that we're we're in. That's not really reality.
01:51
And it kind of goes back to earlier concept that we had talked about
01:56
was, um, integrating security into the organization and not bolting it on and it being integrated, usable and reducing friction.
02:12
Some challenges to security a Jilly
02:15
are displayed before it's a couple of the highlight are agile delivery model requires more continuous participation by cybersecurity leaders. Um,
02:29
this
02:30
gets tricky dependent on the organization that you're in, um,
02:37
sitting in with your app SEC teams at application security teams doing some of their scrums, maybe invited, or it may be looked at as being overbearing, and it really depends on the relationship that you have with that particular team.
02:55
So I suggest again that you take a collaborative approach to, you know, delivering security to your organization
03:04
so that they'll invite you in, and that you can provide solutions to not hinder their development, but actually
03:13
enhance what they're doing and in integrate security into it. Another one cyber friendly software development is needed for effective cybersecurity
03:23
to florists. So this goes back to you
03:28
integrating in helping the app sec team integrate security in so they reduce security vulnerabilities that ultimately is a win for the organization.
03:38
Um, continuous rapid delivery may require tradeoffs.
03:45
Something going back remember which he'll and choosing which he'll you want to die on and which one you want to walk away from. Um,
03:53
I don't think so. Um, by airy and zeros and ones,
03:59
and go to the table with an open mind and provide solutions
04:05
to
04:06
problems that you may have identified.

Up Next

Revenue Protection as a CISO

In this course you will learn strategies to transform the way your security program is viewed.

Instructed By

Instructor Profile Image
Terence Jackson
Chief Information Security and Privacy Officer
Instructor