Hello and welcome back to revenue protection as a C. So
in this module we will discuss wise, important for security to be agile
and challenges to security agility.
According to a report by Collab Net,
which has been charting the agile landscape for 13 years, 97% of companies are using agile development.
So Mr C So, Mrs C. So what does that mean for you? Security must also be agile and taken integrated Approach
Scrum backlog, sprints burned down. You likely heard your project managers use all of these terms
to a C. So these can cause anxiety and fear because they're part of your organization. See, I city pipeline or continuous integration and continues delivery, which is never ending. Scrum relies on an agile software development concept. Call Sprints
of sprints appears of time with software development is actually done.
A sprint usually last from one week to a month to complete
an item from the bag log. The goal of East Sprint is to create a sellable products.
I know a security practitioners we like to I won't say slow roll our reviews of of new products or
it's cold scans and we want everything to just fall in alignment perfectly. But in this
see, I see the world, this agile environment of development that we're we're in. That's not really reality.
And it kind of goes back to earlier concept that we had talked about
was, um, integrating security into the organization and not bolting it on and it being integrated, usable and reducing friction.
Some challenges to security a Jilly
are displayed before it's a couple of the highlight are agile delivery model requires more continuous participation by cybersecurity leaders. Um,
gets tricky dependent on the organization that you're in, um,
sitting in with your app SEC teams at application security teams doing some of their scrums, maybe invited, or it may be looked at as being overbearing, and it really depends on the relationship that you have with that particular team.
So I suggest again that you take a collaborative approach to, you know, delivering security to your organization
so that they'll invite you in, and that you can provide solutions to not hinder their development, but actually
enhance what they're doing and in integrate security into it. Another one cyber friendly software development is needed for effective cybersecurity
to florists. So this goes back to you
integrating in helping the app sec team integrate security in so they reduce security vulnerabilities that ultimately is a win for the organization.
Um, continuous rapid delivery may require tradeoffs.
Something going back remember which he'll and choosing which he'll you want to die on and which one you want to walk away from. Um,
I don't think so. Um, by airy and zeros and ones,
and go to the table with an open mind and provide solutions
problems that you may have identified.