by Mark Peters
Agile Compliance and Risk Operations
Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as RMF, PCI-DSS, or even GDPR. Those who offer Agile management frequently want to sell you a brand. Even Gene Kim’s “The Unicorn Project'', shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. It’s not that hard. After being a Product Owner on an Agile team, I transferred to a security lead, operating the Risk Management Frameworks with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with the U.S. Government's compliance in the hope of helping others.