Play all

Intro

Lead Security Architect Cabinet Office UK Government

Certification Accreditation PCI ISO27001

Change control boards

Agile changes everything

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Responding to change over following a plan

Customer collaboration over contract negotiation

Contracts, Planning, Documentation, Processes and Tools

Building software together

Maximising work not done

Minimum viable product or service

Protect personal data

Security design principles

8 Principles of risk management

Accept uncertainty Security as part of the team Understand the risks

Trust decision making Security is part of everything User experience is important

Audit decisions Understand big picture impact

How does agile help?

Continual delivery of business value

Security must be an enabler of the team

Safety engineering and security engineering

The unit of delivery is the team

The unit of decision making is the team

Educate the team to the threats

Keep a running risk log

Apply risk decisions per story

Apply controls per story

Security debt

Choosing the secure method must be the easiest option

Dealing with patches

Updating machines in test

Automated Testing

Fast repeatable deploys

Code review of infrastructure changes

Application whitelisting

Minimise administrative controls

Description:

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only! Grab it Explore a conference talk that delves into the intersection of agile methodologies and secure system design. Learn how agile practices can lead to more securely designed and operated systems, despite common misconceptions. Discover the speaker's perspective as a Senior Technical Architect at The Government Digital Service on balancing agility and security. Gain insights into key agile principles, security design principles, and risk management strategies. Understand how to integrate security into agile teams, maintain a running risk log, apply controls per story, and manage security debt. Explore practical approaches to choosing secure methods, dealing with patches, automated testing, and application whitelisting. This talk challenges traditional views on security in agile environments and provides actionable strategies for creating robust, secure systems while maintaining agility.

Rugged - Being Secure and Agile

GOTO Conferences

Add to list

#Conference Talks #GOTO Conferences #Programming #Software Development #Art & Design #Design & Creativity #User Experience #Business #Corporate Governance #Risk Management #Software Testing #Automated testing #Computer Science #Software Engineering #Agile Development #Information Security (InfoSec) #Cybersecurity #Computer Security #Security Engineering

0:00 / 0:00