Security professionals can find themselves facing a frustrating “wack-a-mole” situation when asked to take on an organization’s previously ignored security needs, explains Jon Tidwell of GovLoop. But his experience with an Agile security team has provided some insights that help get security on the fast track to effectiveness.
From breaking large projects into achievable tasks to gathering CIO support for prioritizing backlog items, the principles that drive Agile development are just as helpful for building a strong security program from scratch.
From the post:
“In order to[get my organization as secure as possible], the security team I’m fortunate to lead is taking on an Agile methodology, as we look to paint a masterpiece out of blank canvas. Our end goal is a complete security program, which takes ‘development’ just like a software application. So, we developed a vision of where we want to be, and cataloged the steps to get there, and are tackling each with an Agile flair.”