DevSec : the forgotten of the agility

Transcript

1. DevSec : the Forgotten of Agility
   By
   Adrien Muller
   Dominique Righetto
   Yoan Thirion
   LOST IN AGILE
   

   View Slide

2. RENCONTRES DE LA SÉCURITÉ 2019
   Yoan THIRION
   Software craftsman at Agile Partner S.A.,
   agile enthusiast, team player
   Adrien MULLER
   Agile Coach, Software Craftsman, Trainer and
   Security Officer at Agile Partner S.A
   Dominique
   RIGHETTO
   AppSec Consultant at Excellium Services
   

   View Slide

3. RENCONTRES DE LA SÉCURITÉ 2019
   Kent Beck
   Software Engineer
   Mike Beedle
   Computer Scientist
   Arie Van Bennekum
   Project Manager
   Alistair Cockburn
   Computer Scientist
   Ward Cunningham
   Software Developer
   Martin Fowler
   Software
   Developer
   James Grenning
   Software Engineer
   Jim Highsmith
   Software Developer
   Andy Hunt
   Software Developer
   Ron Jeffries
   Software Developer
   Bob Martin
   Software Engineer
   Stephen J. Mellor
   Computer Scientist
   Jeff Sutherland
   Software Developer
   Ken Schwaber
   Software Developer
   Dave Thomas
   Computer Programmer
   Jon Kern
   Program Manager
   Brian Marick
   Computer Scientist
   

   View Slide

4. RENCONTRES DE LA SÉCURITÉ 2019
   State of Agile
   

   View Slide

5. RENCONTRES DE LA SÉCURITÉ 2019
   The Rules of the game
   

   View Slide

6. RENCONTRES DE LA SÉCURITÉ 2019
   What we have
   observed ?
   

   View Slide

7. RENCONTRES DE LA SÉCURITÉ 2019
   The Product Owner
   The Product Owner is the
   sole person responsible
   for managing the
   Product Backlog.
   

   View Slide

8. RENCONTRES DE LA SÉCURITÉ 2019
   Cross functional teams
   Include all competencies
   and domain knowledge
   without depending on
   others outside the team.
   

   View Slide

9. RENCONTRES DE LA SÉCURITÉ 2019
   Sprint Planning
   The plan is created by the
   collaborative work of
   the entire Scrum Team. P.O
   Secu
   

   View Slide

10. RENCONTRES DE LA SÉCURITÉ 2019
    Sprint Retrospective
    The Scrum Team inspect
    itself and create a plan for
    improvements to be
    enacted during the next
    Sprint.
    

    View Slide

11. RENCONTRES DE LA SÉCURITÉ 2019
    

    View Slide

12. RENCONTRES DE LA SÉCURITÉ 2019
    DevSec do not find themselves in this version of the agility
    They all believe in the manifesto
    “It’s common sense”
    BUT
    No longer feel concerned
    “It’s for project managers, PMI”
    

    View Slide

13. RENCONTRES DE LA SÉCURITÉ 2019
    An answer in 2008
    • Too much focus on the process
    o How to build it fast
    o How to build the right thing
    • Teams must care, not execute
    o We value execution but we value craftsmanship more
    • Technical excellence is CRUCIALLY
    important to deliver value
    “Craftsmanship over Execution” – Uncle Bob
    The 5th Agile value
    Reduce the gap between agile and the
    technical world
    

    View Slide

14. RENCONTRES DE LA SÉCURITÉ 2019
    • We need to help them set up the necessary practices
    to support iterative and incremental development
    • Training
    • Coaching
    Iterative & incremental ?
    A lot of responses in XP
    eXtreme Programming (XP)
    

    View Slide

15. RENCONTRES DE LA SÉCURITÉ 2019
    Keep CALMS and..
    

    View Slide

16. RENCONTRES DE LA SÉCURITÉ 2019
    Craftsmanship @AP
    • We propose a dedicated approach
    o Craft coaching
    o Training
    o Craftsmen
    • Team bootstrap
    o Agile coaching
    o Craft coaching
    Break silos
    https://agilepartner.github.io/craft-challenges/
    

    View Slide

17. RENCONTRES DE LA SÉCURITÉ 2019
    Be pragmatic
    

    View Slide

18. RENCONTRES DE LA SÉCURITÉ 2019
    THANK YOU !!!
    Yoan THIRION
    Adrien MULLER Dominique
    RIGHETTO
    

    View Slide