
How should one structure a Security Team, and how should it work, in an agile organization (100 devs)?

Found this article: https://kislayverma.com/organizations/independence-autonomy-and-too-many-small-teams/

While I agree with it for software dev, I am not sure if this will be applicable to Security Teams.

A Security Team ideally should deliver the "security" of the company. However, a team cannot do it alone: we rely on other teams (devs for code, devops for infra) and on employees (phishing), and we also need to collaborate a lot.

How would you tackle security and Security Teams in an agile organization?

  • This seems like a personal opinion question – yeah_well Jul 29 '20 at 11:51
  • IMO this question needs more focus, I don't understand what the real problem is. – reed Jul 29 '20 at 12:16
  • The problem is: How should an effective Security Team work in a startup and how Security can be improved in a small-med organization/Startup. For example: Implementing some level of DevSecOps: https://dsomm.timo-pagel.de/index.php BUT maybe somebody can summarize how the Security Team works in their setup and what they do, or how it ideally should be and what it should do. – dev Jul 29 '20 at 12:53
  • "What do you do in your company?" is not a good question fit here. And what you are looking for is not something where you specify a "best practice" and apply it blindly, it needs to be borne from your context. And that's the key. You have unique risks, resources, concerns, and objectives in the next year. Security, and teams tasked with managing that security, needs to support those things. – schroeder Jul 29 '20 at 16:47

0 Answers