Alan Crouch


Member for: 9 years 1 month

Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].

Company: Coveros, Inc
Job Function: Consulting
Job Title: Managing Consultant
Industry: Business Services - Consulting - Non-profit
Interests: Agile, Architecture, Business Analysis, Cloud, Design, Development Lifecycles, DevOps, Leadership, Mobile, Process Improvement, Programming, Project Management, Security, Test Automation, Testing
Country: United States


All Articles by Alan Crouch


All Stories by Alan Crouch

Choosing the Right Threat Modeling Methodology
Threat modeling has transitioned from a theoretical concept into an IT security best practice. Choosing the right methodology is a combination of finding what works for your SDLC maturity and ensuring it results in the desired outputs. Let’s look at four different methodologies and assess their strengths and weaknesses.

Selecting the Right Agile Framework
There are many frameworks available to organizations that are maturing their agile process. However, some frameworks can help reinforce agile behaviors, while others can actually drive an organization to revert to waterfall habits. The right choice should be the methodology that allows teams to deliver their best work.

Testing Is Insurance, Not Assurance
The Iowa Democratic Party used a mobile app to pull results from statewide precincts for the Iowa caucus. But the app was not properly tested or deployed, and it turned into a high-profile tech disaster. When deadlines loom, release testing is often what gets cut, but this situation shows why it's a crucial activity.

Plan for the Year the Agile Way
The start of a new year always comes with new resolutions, goals, and a set of plans to grow in the future. The excitement and energy that a new start brings can rejuvenate a team. However, if you’re not careful, that same ambition can lead to failure. This year, adjust your strategy and plan in a more agile manner.

Trusting Your Data: Garbage In, Garbage Out
Poor quality input will always produce faulty output. Improper validation of data input can affect more than just security; it can also affect your ability to make effective business decisions. Bad data can have impacts on how you make quantitative decisions or create reports, if you can’t trust the data you receive.

Understanding the ScrumMaster's Role in Team Communication
Some agile teams believe the ScrumMaster is the sole point of communication between them and the product owner, so the team can abdicate any responsibility to communicate with stakeholders. That couldn't be more wrong. It's actually the ScrumMaster's job to enable communication and coach or guide the team to solutions.

Debunking 4 Myths of DevSecOps Adoption
DevSecOps means more secure applications through greater collaboration. However, many organizations hold preconceived notions and misconceptions about what DevSecOps is and why their organizations will face challenges in adopting it. Here are four common myths about DevSecOps transformation, along with the truth.

Getting the Most out of Your Agile Meetings
One of the most common complaints of any software team during a retrospective is the issue of too many meetings. Agile ceremonies can provide a lot of value to the team, but only when they're done correctly. Here are four ways to get the most out of meetings, avoid wasting time, and gain value for everyone involved.

How to Get Security Groups to Join Your DevSecOps Journey
DevSecOps shifts security practices left and assures earlier that your application isn't vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.

6 Ways to Share Negative Feedback in a Retrospective
Negative feedback has the greatest potential to help people change in areas that can have a lasting impact. But sharing negative experiences and criticism can often be a challenge and may cause more harm than good. Here are six tips for sharing negative experiences effectively and building trust along the way.

The Value of Security Testing in QA
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.

Signs Your Organization Isn't Ready for DevOps
Organizations struggling to see tangible benefits after adopting DevOps practices often have only slapped together a few tools instead of making the required changes. Many aren’t really embracing DevOps at all. Here are three signs to help you determine if your organization isn’t quite ready yet to practice DevOps.

Integrating Threat Modeling into Agile Development
Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.

Making Agile Coaching Successful for Your Organization
Successful agile coaching requires a combination of experience, knowledge, and soft skills to help organizations build competence, sustainability, and performance in their agile practices. But it's not all up to the coach. There are a few things you can do to ensure your coaching engagement is set up for success.

Protect Your Software through Threat Modeling
Many software organizations are overwhelmed with a laundry list of vulnerabilities. They often have no idea where to start, how to determine prioritization, and whether or not those vulnerabilities accurately represent the threats to our applications, users, and data. Threat modeling is a simple yet effective solution.

6 Signs Your Agile Project Isn’t Really Agile
There's a trend of organizations declaring they are agile without actually changing how they develop software. Declaring that an apple is an orange doesn’t make it so. These six key indicators can help you determine whether your agile project isn’t really agile after all—and give you some solutions to help.

Why the Minimum Viable Product Matters
The MVP brings tremendous value to a team’s ability to effectively implement agile practices. It also allows us to better understand what “value” actually means to our users and how context changes the meaning. Your MVP must move through your validation and release cycles while still being valuable to your users.

5 Features of a Successful DevSecOps Pipeline
When practicing DevOps, how should you include security? What's the best way to build security into an existing continuous integration, continuous delivery, and continuous deployment pipeline? Let’s take a look at five essential features of successful DevSecOps pipelines and analyze where security can benefit most.

5 Pitfalls Agile Coaches Must Avoid
Successful agile teams often have a coach driving continuous improvement. While some coaches are effective initially, many eventually succumb to pitfalls that inhibit their team’s growth and fail to compel any lasting changes. Here are five common pitfalls of agile coaches in most projects that fail to improve.

Testing Your DevOps Is Just as Important as Testing Your Software
Many DevOps engineers fail to test their automation code in the same way they test the software they deploy. It's crucial for software to have tests, and this should apply to infrastructure-as-code software too, if we plan to change and improve this code with no worries about breaking automation in our DevOps pipeline.

Why Software Testing Is Key to DevOps
One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. However, many fail to include quality components in their practices. Continuous deployment without quality is just delivering continuous bugs. Here's why software testing is an essential part of DevOps.

Driving Continuous Improvement to the Entire Organization
In traditional agile approaches, retrospectives are valuable to team improvement. However, when teams encounter organizational issues beyond their control, such as project structure, interorganizational communication, or resources, it's more difficult. Here's how to expand continuous improvement to the whole company.

DevSecOps Could Have Prevented the Equifax Breach
The Equifax cyber security breach compromised millions of people's confidential information. If you’re worried about how you can prevent an IT disaster of this scale at your own organization, there is an answer: DevSecOps, which incorporates security into DevOps practices to ensure weaknesses are exposed early on.

Don’t Let Too Little Planning Tank Your Agile Adoption
Many organizations turning to agile believe it means you don't have to do any planning. This couldn't be further from the truth. A healthy agile team does just as much (if not more) planning than a team using a waterfall methodology. Preparing and setting goals sets up the team for a more successful agile adoption.

Make Your Security Testing More Agile
Security practices traditionally have followed a waterfall model, adding security testing on at the end. Organizations need to coach their security programs and testers to prioritize analysis and risk, much like we do with agile stories, to better incorporate security defects with other feature work along the way.

3 Essential Components to Building a Security Testing Practice
Most mobile app development teams lack a security testing practice, or if they do have one, it lacks the maturity to be effective. But the great security practices are not necessarily those that spend the most money or have the most engineers. It’s the ones that have adopted these three fundamental concepts.