Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrating security into an existing agile SDLC
Search
Laura Bell
September 12, 2014
Technology
0
160
Integrating security into an existing agile SDLC
Laura Bell
September 12, 2014
Tweet
Share
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
270
Hackcon 11 - Protecting our people
ladynerd
0
240
Security in a container based world
ladynerd
0
150
Securing Microservice Architectures
ladynerd
2
360
Better Connected
ladynerd
0
73
Continuous Security
ladynerd
3
1.2k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.7k
Blindsided by security
ladynerd
0
130
Practical tools for privacy audit
ladynerd
0
210
Other Decks in Technology
See All in Technology
ソフトとハード両方いけるデータ人材の育て方
waiwai2111
1
480
旬のブリと旬の技術で楽しむ AI エージェント設計開発レシピ
chack411
1
290
モノタロウ x クリエーションラインで実現する チームトポロジーにおける プラットフォームチーム・ ストリームアラインドチームの 効果的なコラボレーション
creationline
0
980
サラリーマンソフトウェアエンジニアのキャリア
yuheinakasaka
41
19k
「違う現場で格闘する二人」——社内コミュニティがつないだトヨタ流アジャイルの実践とその先
shinichitakeuchi
0
470
RALGO : AIを組織に組み込む方法 -アルゴリズム中心組織設計- #RSGT2026 / RALGO: How to Integrate AI into an Organization – Algorithm-Centric Organizational Design
kyonmm
PRO
3
1.5k
かわいい身体と声を持つ そういうものに私はなりたい
yoshimura_datam
0
120
AI アクセラレータチップ AWS Trainium/Inferentia に 今こそ入門
yoshimi0227
1
260
コミュニティが持つ「学びと成長の場」としての作用 / RSGT2026
ama_ch
2
350
Web Intelligence and Visual Media Analytics
weblyzard
PRO
1
6.8k
スクラムマスターが スクラムチームに入って取り組む5つのこと - スクラムガイドには書いてないけど入った当初から取り組んでおきたい大切なこと -
scrummasudar
3
2.2k
Databricks Free Editionで始めるLakeflow SDP
taka_aki
0
140
Featured
See All Featured
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
430
Documentation Writing (for coders)
carmenintech
77
5.2k
The Curse of the Amulet
leimatthew05
0
7.4k
WENDY [Excerpt]
tessaabrams
9
35k
Paper Plane
katiecoart
PRO
0
45k
Between Models and Reality
mayunak
1
170
Designing for humans not robots
tammielis
254
26k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
610
Optimising Largest Contentful Paint
csswizardry
37
3.6k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
44
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.6k
Transcript
ARC208
once upon a time design code stuff ideas test deploy
security was all about gates design code stuff idea test
deploy
and goodness do we love gates design code stuff idea
test deploy Initial Risk Assessment Design Review Code and Implementation Review Penetration Testing
same thing, just more frequently?
None
Why don’t you do security?
we can make you look good Proactive security engagement increases:
Preparedness Credibility Market awareness Strategic thinking
So what does agile security need to be 1. Able
to empower developers 2. Cost effective 3. Pragmatic and flexible 4. Easy to integrate with existing workflows 5. Scalable
common misconceptions
avoidance != management
too little to fail (at security)
the sky is not always falling* *except when it is
(then you should really do something about it)
agility increases risk
Ten steps to a better, stronger and more secure you
regardless of budget, organisation size or how cool you are
1. know your stack Languages Libraries Operating Systems Applications Third
Party Services
2. learn to add, adapt and abandon
3. create a simple risk taxonomy Critical High Medium Low
Informational False Positive
4. understand your security and technical debt it’s natural and
awesome but you can’t run from it forever
5. bring security into your requirements “engage security early and
often and be sure to have it included in your definition of done”
6. prepare for the worst Monitoring Analysis Understanding Response Feedback
7. build an empire one developer at a time
8. design your workflows “the best technical people I know
work really hard to make themselves redundant. “
fails
10. outsource smartly “if you are going to spend the
money, research your options, scope well and be demanding”
common challenges and how to conquer, obliterate or otherwise win
compliance is a priority “nothing is more fatal to a
new business than the fines for non-compliance”
maintain momentum “more secure today than yesterday”
use your words No Simple way to remove risk Must
be logically applied and justified Does not remove the original need or objective Yes Scary for security people Accepts risks and understands them Enables innovation Encourage safe usage
None
Ready to get started? …take a deep breath
None
None
ladynerd
waiwai2111
chack411
creationline
yuheinakasaka
shinichitakeuchi
kyonmm
yoshimura_datam
yoshimi0227
ama_ch
weblyzard
scrummasudar
taka_aki
baasie
carmenintech
leimatthew05
tessaabrams
katiecoart
mayunak
tammielis
nmsamuel
csswizardry
inesmontani
akademiya2063
thoeni
