A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Agile and Security - Oil and Water? - (BSides Nashville 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Agile and Security - Oil and Water?

Ron Parker

BSides Nashville 2015
http://bsidesnash.org

How do we make our security tips, techniques and tools be enablers in our agile development surroundings? Part of the problem is scale. You and your other security professional friends can't always be totally engaged with each and every delivery team. There will always be more people making security and risk decisions than there are security consultants. Another key is getting out of the way. You need to enable people to make the risk decisions on their own schedule. They can't wait to attend yet another meeting or spend gargantuan efforts on security work that may or may not be needed. We need to build a security environment that that fosters good practices and at the same time fits well into more modern and agile methodologies. There are ways to design security tasks so they can be embedded into just about any methodology. This talk will walk through implementing a Security Development Lifecycle using the OWASP Software Assurance Maturity Model as a guide. Quick and Easy Security should not be an oxymoron.

Bio: Ron Parker @SCMunk
Ron Parker (@scmunk) is the Senior Enterprise Security Architect for Unum, the leading group and individual disability insurance provider. Ron has decades of experience successfully designing and developing secure application and infrastructure solutions in a complex and regulated environment. He has worked to implement security process improvements through establishing security frameworks and integrating security by applying architecture practices. Ron is also a non-reluctant CISSP.

Back to BSides Nashville 2015 list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast