We want Agile software delivery teams to bake security into the work they deliver in every iteration. However, many software delivery teams struggle to make sense of security or sometimes don’t even know where to start. There are not many established good practices for getting the right scope into backlogs, beyond ensuring the necessary expertise is available.
Jim Gumbley offers an overview of Sensible Conversations, an open source, low-fi, visual, collaborative set of materials and workshops about security, and shares what works (and what doesn’t), drawn from his experience working with a variety of public and private sector software delivery teams. Sensible Conversations is designed for teams that don’t know where to start with building secure systems and don’t have access to security experts. The aim is to kickstart a secure delivery cycle and build the team’s muscle memory by having risk-driven conversations, every iteration, about which protections are required. Jim describes lessons learned from running the workshops and from refining and iterating on the materials. He then explores the approach from a non-security-expert perspective.
Jim Gumbley is a cyber security consultant at ThoughtWorks, where he has worked across the finance, public sector, and healthcare areas. For the last few years, he’s been focused on improving information security outcomes in Agile and Lean development projects for ThoughtWorks in London, UK.
©2017, O'Reilly Media, Inc.