How to Add Security in Agile Process
DESCRIPTION
Are you close to defining security requirements? Are you close to the stakeholders and product owner to share the risks and obtain priority? In my experience, the InfoSec guys must be part of the agile teams. Regarding Design: the InfoSec guys need to focus on security product engineering, reviewing the security design and defining all requirements. Regarding Coding: the software should be tested by several engines, solving possible security coding issues and implementing a rugged software process. Regarding Release/Delivery: the InfoSec guys need to provide hardening for each solution tested, and possible security automations. Anyway, be part of the team.
TRANSCRIPT
![Page 1: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/1.jpg)
In the land of chickens, is whoever does security a pig?
![Page 2: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/2.jpg)
“I'm the founder and work at atomsec.com.br”
Hi, I’m @brunomottarego
![Page 3: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/3.jpg)
Agile: what’s that?
![Page 4: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/4.jpg)
SCRUM
![Page 5: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/5.jpg)
SCRUM Team
![Page 6: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/6.jpg)
Chicken and Pigs
![Page 7: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/7.jpg)
What do they think about security?
![Page 8: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/8.jpg)
Challenges
schedule, scope, and budget
![Page 9: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/9.jpg)
Security is not a feature
![Page 10: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/10.jpg)
A security feature is different from a secure feature
![Page 11: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/11.jpg)
Security is not a deliverable in a project plan
![Page 12: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/12.jpg)
Security is not only a penetration test
![Page 13: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/13.jpg)
Security is not “phase 2”
![Page 14: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/14.jpg)
Security is a state of mind, it is a state of being, it is a mentality
![Page 15: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/15.jpg)
What does it take?
![Page 16: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/16.jpg)
Step 1: be a pig.
![Page 17: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/17.jpg)
Step 2: educate stakeholders.
![Page 18: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/18.jpg)
Step 3: define a security advisor.
![Page 19: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/19.jpg)
Step 4: automated testing.
(security, unit and acceptance testing)
![Page 20: How to Add Security in Agile Process](https://reader035.vdocuments.us/reader035/viewer/2022081412/53f983068d7f7253318b4e6d/html5/thumbnails/20.jpg)
Thank you!
We have to make software run, and make it run securely and better.
@brunomottarego