DevSec : the forgotten of the agility

Transcript

1. DevSec : the Forgotten of Agility By Adrien Muller Dominique

   Righetto Yoan Thirion LOST IN AGILE

2. RENCONTRES DE LA SÉCURITÉ 2019 Yoan THIRION Software craftsman at

   Agile Partner S.A., agile enthusiast, team player Adrien MULLER Agile Coach, Software Craftsman, Trainer and Security Officer at Agile Partner S.A Dominique RIGHETTO AppSec Consultant at Excellium Services

3. RENCONTRES DE LA SÉCURITÉ 2019 Kent Beck Software Engineer Mike

   Beedle Computer Scientist Arie Van Bennekum Project Manager Alistair Cockburn Computer Scientist Ward Cunningham Software Developer Martin Fowler Software Developer James Grenning Software Engineer Jim Highsmith Software Developer Andy Hunt Software Developer Ron Jeffries Software Developer Bob Martin Software Engineer Stephen J. Mellor Computer Scientist Jeff Sutherland Software Developer Ken Schwaber Software Developer Dave Thomas Computer Programmer Jon Kern Program Manager Brian Marick Computer Scientist

4. RENCONTRES DE LA SÉCURITÉ 2019 State of Agile

5. RENCONTRES DE LA SÉCURITÉ 2019 The Rules of the game

6. RENCONTRES DE LA SÉCURITÉ 2019 What we have observed ?

7. RENCONTRES DE LA SÉCURITÉ 2019 The Product Owner The Product

   Owner is the sole person responsible for managing the Product Backlog.

8. RENCONTRES DE LA SÉCURITÉ 2019 Cross functional teams Include all

   competencies and domain knowledge without depending on others outside the team.

9. RENCONTRES DE LA SÉCURITÉ 2019 Sprint Planning The plan is

   created by the collaborative work of the entire Scrum Team. P.O Secu

10. RENCONTRES DE LA SÉCURITÉ 2019 Sprint Retrospective The Scrum Team

    inspect itself and create a plan for improvements to be enacted during the next Sprint.

11. RENCONTRES DE LA SÉCURITÉ 2019

12. RENCONTRES DE LA SÉCURITÉ 2019 DevSec do not find themselves

    in this version of the agility They all believe in the manifesto “It’s common sense” BUT No longer feel concerned “It’s for project managers, PMI”

13. RENCONTRES DE LA SÉCURITÉ 2019 An answer in 2008 •

    Too much focus on the process o How to build it fast o How to build the right thing • Teams must care, not execute o We value execution but we value craftsmanship more • Technical excellence is CRUCIALLY important to deliver value “Craftsmanship over Execution” – Uncle Bob The 5th Agile value Reduce the gap between agile and the technical world

14. RENCONTRES DE LA SÉCURITÉ 2019 • We need to help

    them set up the necessary practices to support iterative and incremental development • Training • Coaching Iterative & incremental ? A lot of responses in XP eXtreme Programming (XP)

15. RENCONTRES DE LA SÉCURITÉ 2019 Keep CALMS and..

16. RENCONTRES DE LA SÉCURITÉ 2019 Craftsmanship @AP • We propose

    a dedicated approach o Craft coaching o Training o Craftsmen • Team bootstrap o Agile coaching o Craft coaching Break silos https://agilepartner.github.io/craft-challenges/

17. RENCONTRES DE LA SÉCURITÉ 2019 Be pragmatic

18. RENCONTRES DE LA SÉCURITÉ 2019 THANK YOU !!! Yoan THIRION

    Adrien MULLER Dominique RIGHETTO