Alan Crouch is a senior software security specialist with Coveros, a Virginia-based firm focused on agile, software quality, and application security. Alan has worked closely with federal agencies and private companies to advise, audit, and support IT security and governance teams. In addition to his cybersecurity experience, he has a strong background in software engineering, test analysis, test automation, and security testing. Alan has focused his career on building secure software and developing better software security practices. You can contact Alan at [email protected].
Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.
Successful agile coaching requires a combination of experience, knowledge, and soft skills to help organizations build competence, sustainability, and performance in their agile practices. But it's not all up to the coach. There are a few things you can do to ensure your coaching engagement is set up for success.
Many software organizations are overwhelmed with a laundry list of vulnerabilities. They often have no idea where to start, how to determine prioritization, and whether or not those vulnerabilities accurately represent the threats to our applications, users, and data. Threat modeling is a simple yet effective solution.
There's a trend of organizations declaring they are agile without actually changing how they develop software. Declaring that an apple is an orange doesn’t make it so. These six key indicators can help you determine whether your agile project isn’t really agile after all—and give you some solutions to help.
The MVP brings tremendous value to a team’s ability to effectively implement agile practices. It also allows us to better understand what “value” actually means to our users and how context changes the meaning. Your MVP must move through your validation and release cycles while still being valuable to your users.
When practicing DevOps, how should you include security? What's the best way to build security into an existing continuous integration, continuous delivery, and continuous deployment pipeline? Let’s take a look at five essential features of successful DevSecOps pipelines and analyze where security can benefit most.
Successful agile teams often have a coach driving continuous improvement. While some coaches are effective initially, many eventually succumb to pitfalls that inhibit their team’s growth and fail to compel any lasting changes. Here are five common pitfalls of agile coaches in most projects that fail to improve.