Balancing Agile and Cybersecurity Implementation

Over the past 25 years, software development has changed drastically due to evolving market demands. To respond to these needs, software development teams must reduce their time to market with releases that are more frequent. This has led the industry to move away from the waterfall methodology to agile development methodologies, thus enabling security to be engaged from inception instead of bolted on at the end of the process. While security methodologies rely more on a systematic and requirement-based approach to development much more conducive to the waterfall methodology, we must balance agile implementations and rigorous security protocols to achieve greater speed to market while maintain transparency and integrity. However, we believe there is a way to effectively balance agile implementations and rigorous security protocols to achieve greater speed to market while maintaining transparency and integrity—equally vital aspects of the development process. This session will discuss the three main considerations when aligning and adapting security measures to agile:
1. Security approaches must be adaptive and iterative like the agile software development methods, and not hinder the development process.
2. Security approaches provide concrete guidance and tools at all phases of development, i.e., from requirements capture to deployment.
3. A successful security activity adapts rapidly to ever-changing requirements.