CIOReview | December 2020 | Page 8

IN MY OPINION

IMPORTANT FACTORS FOR SECURITY TEAM TO CONSIDER WHILE ADOPTING AGILE PRACTICES

By Brenden Smith, CISO, FirstBank

Cyber security is a complex and ever-changing environment. As a result, our priorities are constantly shifting and adapting to changes in the threat landscape as well as within our own organizations. Amidst this chaos is the need to get work done quickly and prioritize appropriately. These problems aren't unique to the security space, however; software developers deal with similar challenges every day. Many of these teams have taken to adopting an Agile mindset utilizing Scrum methodologies. It's even best practice for security teams to integrate with the development pipeline to be a part of this work stream. While many security teams are partnered with developers in their workstreams, those same teams are rarely adopting those same practices themselves.

At their core, Agile and Scrum practices are ways of getting work done faster and rapidly adapting to change. However, the terminology and practices can appear to be complex and confusing, which is a deterrent to adoption. There is a path forward though, and one that doesn't require a host of certifications and training. With no certifications and minimal formal training, we have adopted these methodologies in our security program and substantially improved our ability to get work done. We would conservatively estimate that we at least doubled our capacity to get work done through these processes, and that benefit only continues to grow. In addition, we have a documented library of all work we've attempted, even discarded projects, to reference in the future.

Framing the Approach

The single most important factor in adopting Agile practices in your security team is the willingness to continuously improve what you try. You don't need expertise, certifications, or a Scrum expert to move forward.

There are a few key steps you can take to start adopting these practices and immediately realize the process improvement benefits described above. In the cyber security space, we are constantly engaged in projects, implementations, and other efforts. It