Built in or Bolted On? Building Secure Systems with an Agile Team

With security having historically been a waterfall process, how do we address the security of our system or application as an agile team?

Through the lens of Scrum team members, we will examine the roles and responsibilities of individual team members that enable the team to produce a secure product.

Developers, testers and systems engineers all have specific obligations regarding the security of their product, but must bring those to bear in a collaborative fashion. We will take each of these roles individually and focus on how their individual skillsets coalesce to build a secure system.


Outline/Structure of the Talk

[10 mins]  Introduction:  How have security implementations changed with agile development?

[10 mins]  Discussion of Developer & Testers security roles & responsibilities on an agile team

[10 mins]  What makes a good systems security engineer, and how do they function on an agile team?

[10 mins]  What other roles contribute to the agile team’s secure product?

[10 mins]  EXERCISE:  Brainstorm:  What roles & responsibilities do we currently have in our organization to enable security and what are we missing?

[10 mins] Discussion/Wrap Up

Learning Outcome

  1. An appreciation for the nuances of building secure applications in an agile environment versus a waterfall one.
  2. An awareness of how to build security into the application iteration by iteration.
  3. An understanding of how all Scrum team members contribute to the security of their product.
  4. An understanding of how the agile/Scrum team can leverage other skillsets to contribute to their secure product.

Target Audience

Developers, testers, security professionals, project managers, program managers, executives

Submitted 6 years ago