Yet another trend: The recoil of Agile practices since uncontrollable isn’t what you’d want from your IS infrastructure..?
Where the scrum and other development methods using emblematic sprints by that very idea have to lose all the ballast …
But would you run a marathon-length Chinese Whispers game (Telephone if you’re from the US, inable to go with the rest) …? Because that’s what you get, quality-wise, if you deploy sprinters for the whole 42k195m — no use for miles either — and (wide-sense) security’s one major part of it.
Again, a baby with the bath water thing, here. Moreover, since even with large Waterfall development — which should’ve been V-shaped for the right half of it ..! — security (wide-sens, incl. proper-usability, documentation for maintainability et al.) was too much of an afterthought. When taken seriously, by the way, proven to be much less of a nuisance either during the project or or during implementation/roll-out or during the production phases, than it was taken for.
So, the question is not how fast ‘we’ can dump Security when adopting something agile, nor ow to ‘ split up’ the CISO’s thinking and acting and standards over App Devt and DevOps, but how to get suitable Sec into DevOps-or-whatever. The only road that’s not a dead end, sounds like “Sorry Dave, I can’t let you do that” [I know]. A sort of thick-concrete sandbox — creating tons of overhead in sprints, and when later exposed in the Real World of production. Retrogade.
Your start-up hacktons just don’t cut it in the big boy business..? Better ideas?