Why can’t we be friends? Integrating Security into an Existing Agile SDLC
Agile development is often seen as a delicate balance of ritual and roles allowing for rapid development, continuous deployment and the expansion of the post-it note industry.
Security is often seen as a lumbering giant of process, governance and technology allowing for increased control, reduced risk and the expansion of the technology vendor industry.
What if you could merge the two? No really! What if these two former polar opposites can be made to play nicely together?
The world of security is changing to meet the needs of agile software development. Organisations around the world are coming up with tools, techniques and processes to make security a continuous presence to support developers.
In this talk I will outline the questions and challenges involved with implementing security in an agile SDLC, outline some techniques and tools that you can use and share some lessons learned from my journey so far.
So whether you are a shiny new start-up wanting to secure development from the beginning or you are an existing company with years of well-earned technical and security debt, this talk is for you.
"A shy and retiring wall flower..." is one of the many phrases that have never been used to describe Laura Bell. After almost a decade in the offensive security and operations world, she has entered the scary world of defence and specializes in agile application security.
As well as her day job securing 6 Scrum teams at Spendvision, Laura writes a lot of poor quality Django, is the vice-chair of the New Zealand Internet Task Force and tries to keep up with her toddler daughter.
She knows what free time and hobbies are; she read about them in a book somewhere. It had a lot of pictures.