DevSec : the forgotten of the agility

Slide 1

Slide 1 text

DevSec : the Forgotten of Agility By Adrien Muller Dominique Righetto Yoan Thirion LOST IN AGILE

Slide 2

Slide 2 text

RENCONTRES DE LA SÉCURITÉ 2019 Yoan THIRION Software craftsman at Agile Partner S.A., agile enthusiast, team player Adrien MULLER Agile Coach, Software Craftsman, Trainer and Security Officer at Agile Partner S.A Dominique RIGHETTO AppSec Consultant at Excellium Services

Slide 3

Slide 3 text

RENCONTRES DE LA SÉCURITÉ 2019 Kent Beck Software Engineer Mike Beedle Computer Scientist Arie Van Bennekum Project Manager Alistair Cockburn Computer Scientist Ward Cunningham Software Developer Martin Fowler Software Developer James Grenning Software Engineer Jim Highsmith Software Developer Andy Hunt Software Developer Ron Jeffries Software Developer Bob Martin Software Engineer Stephen J. Mellor Computer Scientist Jeff Sutherland Software Developer Ken Schwaber Software Developer Dave Thomas Computer Programmer Jon Kern Program Manager Brian Marick Computer Scientist

Slide 4

Slide 4 text

RENCONTRES DE LA SÉCURITÉ 2019 State of Agile

Slide 5

Slide 5 text

RENCONTRES DE LA SÉCURITÉ 2019 The Rules of the game

Slide 6

Slide 6 text

RENCONTRES DE LA SÉCURITÉ 2019 What we have observed ?

Slide 7

Slide 7 text

RENCONTRES DE LA SÉCURITÉ 2019 The Product Owner The Product Owner is the sole person responsible for managing the Product Backlog.

Slide 8

Slide 8 text

RENCONTRES DE LA SÉCURITÉ 2019 Cross functional teams Include all competencies and domain knowledge without depending on others outside the team.

Slide 9

Slide 9 text

RENCONTRES DE LA SÉCURITÉ 2019 Sprint Planning The plan is created by the collaborative work of the entire Scrum Team. P.O Secu

Slide 10

Slide 10 text

RENCONTRES DE LA SÉCURITÉ 2019 Sprint Retrospective The Scrum Team inspect itself and create a plan for improvements to be enacted during the next Sprint.

Slide 11

Slide 11 text

RENCONTRES DE LA SÉCURITÉ 2019

Slide 12

Slide 12 text

RENCONTRES DE LA SÉCURITÉ 2019 DevSec do not find themselves in this version of the agility They all believe in the manifesto “It’s common sense” BUT No longer feel concerned “It’s for project managers, PMI”

Slide 13

Slide 13 text

RENCONTRES DE LA SÉCURITÉ 2019 An answer in 2008 • Too much focus on the process o How to build it fast o How to build the right thing • Teams must care, not execute o We value execution but we value craftsmanship more • Technical excellence is CRUCIALLY important to deliver value “Craftsmanship over Execution” – Uncle Bob The 5th Agile value Reduce the gap between agile and the technical world

Slide 14

Slide 14 text

RENCONTRES DE LA SÉCURITÉ 2019 • We need to help them set up the necessary practices to support iterative and incremental development • Training • Coaching Iterative & incremental ? A lot of responses in XP eXtreme Programming (XP)

Slide 15

Slide 15 text

RENCONTRES DE LA SÉCURITÉ 2019 Keep CALMS and..

Slide 16

Slide 16 text

RENCONTRES DE LA SÉCURITÉ 2019 Craftsmanship @AP • We propose a dedicated approach o Craft coaching o Training o Craftsmen • Team bootstrap o Agile coaching o Craft coaching Break silos https://agilepartner.github.io/craft-challenges/

Slide 17

Slide 17 text

RENCONTRES DE LA SÉCURITÉ 2019 Be pragmatic

Slide 18

Slide 18 text

RENCONTRES DE LA SÉCURITÉ 2019 THANK YOU !!! Yoan THIRION Adrien MULLER Dominique RIGHETTO