Rugged - Being Secure and Agile

Offered By: GOTO Conferences via YouTube

Course Description

Overview

Explore a conference talk that delves into the intersection of agile methodologies and secure system design. Learn how agile practices can lead to more securely designed and operated systems, despite common misconceptions. Discover the speaker's perspective as a Senior Technical Architect at The Government Digital Service on balancing agility and security. Gain insights into key agile principles, security design principles, and risk management strategies. Understand how to integrate security into agile teams, maintain a running risk log, apply controls per story, and manage security debt. Explore practical approaches to choosing secure methods, dealing with patches, automated testing, and application whitelisting. This talk challenges traditional views on security in agile environments and provides actionable strategies for creating robust, secure systems while maintaining agility.

Syllabus

Intro
Lead Security Architect, Cabinet Office, UK Government
Certification, Accreditation, PCI, ISO27001
Change control boards
Agile changes everything
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Responding to change over following a plan
Customer collaboration over contract negotiation
Contracts, Planning, Documentation, Processes and Tools
Building software together
Maximising work not done
Minimum viable product or service
Protect personal data
Security design principles
8 Principles of risk management
Accept uncertainty; Security as part of the team; Understand the risks
Trust decision making; Security is part of everything; User experience is important
Audit decisions; Understand big picture impact
How does agile help?
Continual delivery of business value
Security must be an enabler of the team
Safety engineering and security engineering
The unit of delivery is the team
The unit of decision making is the team
Educate the team to the threats
Keep a running risk log
Apply risk decisions per story
Apply controls per story
Security debt
Choosing the secure method must be the easiest option
Dealing with patches
Updating machines in test
Automated Testing
Fast repeatable deploys
Code review of infrastructure changes
Application whitelisting
Minimise administrative controls


Taught by

GOTO Conferences
