Agile Compliance and Risk Ops

By Mark Peters

Elevator Pitch

Many companies adopt DevOps or Agile practices only to crash against compliance walls such as RMF, PCI-DSS, or even GDPR. After being an Agile Product Owner, I moved to security, driving RMF in a new Agile org. This session shares my experiences incorporating Agile as a U.S. Government contractor.

Description

Many organizations attempt to adopt DevOps and Agile practices only to crash against a compliance wall such as RMF, PCI-DSS, or even GDPR. Those who offer Agile management frequently want to sell you a brand. Even Gene Kim’s “The Unicorn Project” shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. It’s not that hard. After being a Product Owner on an Agile team, I transferred to a security lead role, operating the Risk Management Framework (RMF) with an org newly committed to Agile. My team worked through a mindset change without the breakdown: incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences combining an Agile workplace with U.S. Government compliance, in the hope of helping others.

Notes

Short version of the paper published on LinkedIn (https://www.linkedin.com/pulse/agile-compliance-risk-operations-mark-t-peters-ii-cissp-pmp/). Unique experience with two different Government cyber weapon systems as they tried to adopt Agile practices.