CypherCon 2023

When management asks you: “Do you accept Agile as your lord and savior?”

Daniel Lagos

Abstract:

So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”. While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.

Importance: We’re seeing companies and management push the implementation of Agile more frequently. And while the general opinion that most people in operations have on Agile is “Agile is Dead” or that it just doesn’t work. I find that the main issue is there’s a major disconnect in trying to understand how Agile, Scrum, Kanban actually can be applied to Operations work, without creating dozens of meetings, or complicating procedures.

Most materials on the subject of DevOps and Agile all are oriented towards development teams, mainly due to the concepts being first implemented there. With the spillover of technology forcing a merging of Operations with Development, and with Security. coming into the fray, implementing a meaningful Agile process in Ops and Security is difficult, and often done with minimal assistance in an enterprise environment, other than getting the order to “Use Agile” or “Be Agile”.

Daniel Lagos

Scrum Agile Sprint

Curious generalist analyst who’s currently working in the healthcare industry. Was voluntold to be the scrum master for a team of 20 odd analysts and decided to actually study the foundational concepts behind Agile and DevOps to wrap one’s head around them. Has done a few previous talks on aviation and election security in the past.