When management asks you: “Do you accept Agile as your lord and savior?”

Abstract:

So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”. While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.

Importance: We’re seeing companies and management push the implementation of Agile more frequently. And while the general opinion that most people in operations have on Agile is “Agile is Dead” or that it just doesn’t work. I find that the main issue is there’s a major disconnect in trying to understand how Agile, Scrum, Kanban actually can be applied to Operations work, without creating dozens of meetings, or complicating procedures.

Most materials on the subject of DevOps and Agile all are oriented towards development teams, mainly due to the concepts being first implemented there. With the spillover of technology forcing a merging of Operations with Development, and with Security. coming into the fray, implementing a meaningful Agile process in Ops and Security is difficult, and often done with minimal assistance in an enterprise environment, other than getting the order to “Use Agile” or “Be Agile”.