Being An Agile Security Officer: Spread Your Knowledge

This is the fifth and last part of my blog series about 'Being an Agile Officer'. Before you read on, be sure you have read part one, part two, part three and part four in this series. In this blog post I will go deeper into the details of how user stories are created and what role security stakeholders should play in that.

In the previous parts I showed how Security Officers can align with the Agile process and let security become a standard, considered quality attribute again. Unfortunately, many teams not only need to be made aware of security requirements, but also need technical advice and guidance in designing and implementing them. As an Agile Security Officer you therefore need to act not only as a Stakeholder, but also as a Domain Expert for Security.

November 9, 2017 | Article, English, Dutch

Being an Agile Security Officer: user stories

This is the fourth part of my 'Being an Agile Security Officer' series. Before you read on, read part one, part two and part three in this series. In this blog post I will go deeper into the details of how user stories are created and what role security stakeholders should play in that.

June 15, 2017 | Article, English, Dutch

Being an Agile Security Officer: pwn the process

This is the third part of my 'Being an Agile Security Officer' series. Before you read on, read part one and part two in this series. As mentioned in my previous blog, in the Agile world the Product Owner is the person who translates business and customer desires into work items for the teams. To do this, product owners have several techniques and means at their disposal. In this blog I will focus on the backlog and the definition of done. As a security officer it's important to understand their purpose and to learn how they can help you achieve your goals.

June 1, 2017 | Article, English, Dutch

Being an agile security officer

Whenever I give a presentation, training, or just talk to security teams, it becomes clear that over the years a gap has been created between application security and development. A gap we created consciously and with intent and that became painfully visible with the introduction of Agile and DevOps. Suddenly exhaustive information security policies with checklists and penetration tests became serious impediments. The challenge we are facing now is how to bridge this gap again.

Fortunately this challenge is easier to solve than it appears to be. The key to success is to split the security officer function into more Agile-minded roles with different responsibilities and duties. In the coming blogs I will dive deeper into the different aspects of these roles and the differences in the responsibilities and duties. But first we need to take a little trip down memory lane to understand how we ended up in this situation.

January 4, 2017 | Article, English, Dutch

Objects of Security: a different view on assets

“Protect your assets!” is a mantra that is much used in information security. The term ‘asset’ is useful when applied to a specific business perspective. However, for managing security it does not fully cover the things that need protection. Indeed, the use of the term can easily make you overlook the things that need security measures. In this article, I argue that we should broaden our view, and start using the concept of ‘objects of security’, which is a mental model that can help us better understand security.

February 25, 2016 | Article, English, Dutch

Culture impacts security!

Despite having the greatest security technologies in the world, a fool with a tool is still a fool. But what defines a fool? Let us for once step beyond knowledge and experience, because even with great knowledge and experience, one can be a fool ;-(

January 13, 2016 | Article, English, Dutch

Ah… you are looking for a ZieZo!

Once you have been in the profession for a while, the job of information security officer (ISO) becomes ever more diverse. You see trends and developments, however small they may be. For example, a conversation about staffing information security quickly turned to having an ISO. Once the ISO has been hired, in the perception of management, our information security is in order and no longer an issue.

October 8, 2014 | Article, Dutch

There is always a bigger boss

At a certain moment in the film The Wizard of Oz, Dorothy and her three companions stand trembling before the imposing, fire-breathing head of the “Great and Powerful Oz”. In a thundering voice it orders them to come closer; not really an attractive proposition! Until Dorothy's little dog slips away from her and pulls aside a curtain, behind which they see the real Oz standing: an endearing, somewhat older man who operates the great mechanical head with levers. Not everything is always what it seems…

July 23, 2014 | Article, Dutch

Farewell to the Matrix model

Many organizations today are still structured according to the principle of the matrix organization. The idea is simple: you make two people responsible for the same thing, but from a different perspective. This creates a forced consultation structure.

June 23, 2014 | Article, Dutch