Written by: Alex Leonard, PMP
Presentation Overview
On May 16, 2023, the Agile Forum of the PMI Atlanta Chapter hosted its first in-person forum event of the year! The forum presentation, titled “Agile & Cybersecurity”, was presented by Andrew Gurbaxani. In his presentation, Andrew discussed how Agile and cybersecurity can work with or against each other. He explained and emphasized the similarities and differences between the Agile way of working and cybersecurity. Even though the two use different vocabularies, they complement one another. While the Agile way of working may introduce some cyber-risk, it also creates cyber-opportunity. Agile supports “secure by design” and “secure by default” principles when properly applied. Some Agile frameworks are well suited for the cybersecurity domain, and those include Extreme Programming (XP), Test-Driven Development (TDD), and Scrum via daily inspection and review.
Being Agile in the Cybersecurity space can be quite a positive practice. Incident detection and response, attack surface mapping, and red/blue/purple team exercises are all techniques in cybersecurity operations that can benefit from an Agile approach. While there are many positives, there are also a few negatives. Security breaches and supply chain compromises can happen easily, and have happened, even in these environments, especially if or when the right protocols are not followed.
During this forum event, Andrew also discussed what is and is not security. He explained that security is the protection of proprietary or confidential information that has been entrusted to us as employees of an organization. As an example, robust policies and processes, proactive vulnerability scans, and user security awareness all fall under the “security” umbrella, while maturity models, compliance activities, and security teams do not.
Takeaways
- Implementing agility in the cybersecurity domain does not come without a cultural shift.
- While there are unique challenges with Agile in cybersecurity operations, it can have both a positive and a negative impact, the latter if the right protocols are not followed.
- As a Project Manager in the cybersecurity domain, you are the chief information security officer – take your responsibility seriously!
Next Event
Join us at the next PMI Atlanta Chapter “In-Person” Agile forum on August 15, 2023.
Keynote Presentation: "How to Talk Agile in a Waterfall Environment" by Tamara McLemore, PMP, PMI-ACP, the Chief Impact Officer at Tamara Joy McLemore Enterprises
Register at www.pmiatlanta.org/events/event-calendar