Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.
Organizations struggling to see tangible benefits after adopting DevOps practices often have only slapped together a few tools instead of making the required changes. Many aren’t really embracing DevOps at all. Here are three signs to help you determine if your organization isn’t quite ready yet to practice DevOps.
Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.
Successful agile coaching requires a combination of experience, knowledge, and soft skills to help organizations build competence, sustainability, and performance in their agile practices. But it's not all up to the coach. There are a few things you can do to ensure your coaching engagement is set up for success.
Many software organizations are overwhelmed with a laundry list of vulnerabilities. They often have no idea where to start, how to determine prioritization, and whether or not those vulnerabilities accurately represent the threats to our applications, users, and data. Threat modeling is a simple yet effective solution.
There's a trend of organizations declaring they are agile without actually changing how they develop software. Declaring that an apple is an orange doesn’t make it so. These six key indicators can help you determine whether your agile project isn’t really agile after all—and give you some solutions to help.
The MVP brings tremendous value to a team’s ability to effectively implement agile practices. It also allows us to better understand what “value” actually means to our users and how context changes the meaning. Your MVP must move through your validation and release cycles while still being valuable to your users.