Booz Allen Hamilton and Client proprietary and business confidential
June 2016
SECURE AGILE DEVELOPMENT
A TRANSFORMATIVE APPROACH TO SECURE SYSTEMS DELIVERY
MEET OUR PRESENTERS
MARC MURPHY
A Vice President in our Systems Delivery Group, Marc is an expert in Agile software development services, ERP, and AWS cloud operations. Prior to joining Booz Allen, Marc served as CEO of SPARC, where he oversaw all business and operations conducted under several Department of Defense contracts. He was formerly a partner in Deloitte's DoD/Federal group and served as an Officer in the U.S. Army.

RYAN SKOUSEN
A Chief Engineer at Booz Allen, Ryan leads the development and maintenance of a DoD Big Data analytic platform focused on exploitation of unstructured data under the Joint Improvised-threat Defeat Agency (JIDA). Ryan's experience ranges from software development, Linux systems administration, and big data management to information security and Certification and Accreditation under both RMF and ICD 503. Ryan applies these different disciplines to deliver mission-focused, operational systems to the field.

BOB WILLIAMS
A Chief Scientist at Booz Allen, Bob is a leader, architect and hands-on engineer specializing in building application frameworks and development platforms, as well as building teams and architecting scalable, robust, data-intensive systems in accordance with FIPS, NIST and OWASP compliance. Prior to joining Booz Allen, Bob served as the CTO of SPARC, where he provided vision, strategy and direction to the Engineering organization.
WHAT'S THE CHALLENGE?
How can we adopt modern development practices and transform a federal agency's delivery model without sacrificing information assurance and system security controls?
THREE PILLARS OF SECURE AGILE DEVELOPMENT

MISSION UNDERSTANDING
When developing any system, security requirements and controls can't be segmented from technical requirements. There must be a deep understanding of how these security requirements complement capability requirements for the system under development.

TECHNICAL ACUMEN AND INNOVATION
Expertise in how security is incorporated, tested, and monitored as part of DevOps methods (continuous deployment, infrastructure as code, containerization, continuous diagnostic monitoring) is critical to increasing velocity with confidence.

"SECURE FIRST" CULTURE
A deliberate organizational change approach, led by experienced professionals, is required to transform an agency's delivery model: this is the difference between "Doing Agile" and "Being Agile".
SECURE AGILE DEVELOPMENT CHECKLIST: MISSION UNDERSTANDING
• Is security talent embedded within teams, and is each team member, from developer to security professional, "security intelligent"?
• Are software security fundamentals implemented, such as user authentication and access controls and protection against known attack vectors?
• Does the development team have an understanding of current and impending regulatory security requirements (e.g. Risk Management Framework, ICD 503, DISA STIG, US-CERT)? Have these requirements been addressed as technical stories and applied to sprints?
• Does the development team have an understanding of agency-specific SDLC governance models (e.g. VA's Veteran Integration Process, DoD 5000) and how modern methods and tooling can be leveraged to meet these requirements with agility?
SECURE AGILE DEVELOPMENT CHECKLIST: TECHNICAL ACUMEN
• Are automated security scans included as part of Continuous Integration for each code commit, providing a transparent, real-time view of the security posture?
• Does your security strategy address the entire technology stack, including secure containers, network, firewalls and operating system, for vulnerabilities?
• Have automated security test scripts been developed and executed to verify security features such as authorization, authentication, field-level validation, and PII/PHI compliance?
• Are security components such as the perimeter firewall and Intrusion Detection / Prevention System (IDS/IPS) provisioned and configured under the same model as application servers?
• As part of the DevOps process, is dynamic network monitoring in place to actively discover vulnerabilities or active attacks?
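Two of the checklist questions, the Mission Understanding item on authentication and access-control fundamentals and the Technical Acumen item on automated security test scripts for authorization, authentication and field-level validation, can be made concrete as a CI gate. The Python below is an added example written for this page; it is not code from the deck or from Booz Allen. The sample service (the USERS table with plain-text passwords, the PERMISSIONS matrix, the SSN and name rules) is constructed purely for illustration, and the function names (login, authorize, validate_record, security_gate) are assumptions of the example rather than any real framework's API.

```python
"""Added example: security test scripts a CI job runs on every commit.

The service under test is constructed for this example. It has three
security features the checklist asks teams to verify automatically:
authentication (login), authorization (deny-by-default role checks) and
field-level validation of a PII-bearing record.
"""
import hmac
import re
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed users: username -> (role, password). A real service stores
# salted password hashes; plain text is used only to keep this self-contained.
USERS: Dict[str, Tuple[str, str]] = {
    "alice": ("admin", "correct horse battery staple"),
    "bob": ("analyst", "hunter2-but-longer"),
}
SESSIONS: Dict[str, str] = {}  # session token -> username

# Permission matrix (constructed): operation -> roles allowed. Anything not
# listed is denied, so a new endpoint is closed until someone opens it.
PERMISSIONS: Dict[str, set] = {
    "read_record": {"admin", "analyst"},
    "delete_record": {"admin"},
}

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
NAME_RE = re.compile(r"[A-Za-z .'-]+")


def login(username: str, password: str) -> Optional[str]:
    """Return a fresh session token on success, None on any failure."""
    entry = USERS.get(username)
    if entry is None:
        return None
    _role, expected = entry
    # Constant-time comparison so a timing difference does not leak the password.
    if not hmac.compare_digest(password.encode(), expected.encode()):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def authorize(token: Optional[str], operation: str) -> bool:
    """Deny unless the token maps to a user whose role may perform the operation."""
    user = SESSIONS.get(token) if token else None
    if user is None:
        return False
    role = USERS[user][0]
    return role in PERMISSIONS.get(operation, set())


def validate_record(record: dict) -> List[str]:
    """Field-level validation; returns a list of errors (empty means valid)."""
    errors: List[str] = []
    if not SSN_RE.match(str(record.get("ssn", ""))):
        errors.append("ssn: must match NNN-NN-NNNN")
    name = str(record.get("name", ""))
    if not (1 <= len(name) <= 64) or not NAME_RE.fullmatch(name):
        errors.append("name: 1-64 characters, letters and .'- only")
    unknown = set(record) - {"ssn", "name"}  # reject mass-assignment of extra fields
    if unknown:
        errors.append(f"unexpected fields: {sorted(unknown)}")
    return errors


# --- the security test scripts; each returns check name -> passed ----------

def test_authentication() -> Dict[str, bool]:
    return {
        "rejects_unknown_user": login("mallory", "x") is None,
        "rejects_wrong_password": login("alice", "wrong") is None,
        "accepts_valid_login": login("bob", "hunter2-but-longer") is not None,
    }


def test_authorization() -> Dict[str, bool]:
    admin = login("alice", "correct horse battery staple")
    analyst = login("bob", "hunter2-but-longer")
    return {
        "no_token_denied": not authorize(None, "read_record"),
        "forged_token_denied": not authorize("not-a-real-token", "read_record"),
        "analyst_can_read": authorize(analyst, "read_record"),
        "analyst_cannot_delete": not authorize(analyst, "delete_record"),
        "admin_can_delete": authorize(admin, "delete_record"),
        "unknown_operation_denied": not authorize(admin, "export_everything"),
    }


def test_field_validation() -> Dict[str, bool]:
    good = {"ssn": "123-45-6789", "name": "Jane Doe"}  # constructed sample record
    bad = {"ssn": "123456789", "name": "<script>", "role": "admin"}
    bad_errors = validate_record(bad)
    return {
        "valid_record_passes": validate_record(good) == [],
        "bad_ssn_rejected": any(e.startswith("ssn") for e in bad_errors),
        "bad_name_rejected": any(e.startswith("name") for e in bad_errors),
        "extra_field_rejected": any("unexpected" in e for e in bad_errors),
    }


def security_gate() -> Tuple[bool, List[str]]:
    """Aggregate every check; the CI job fails the build when any check fails."""
    failures: List[str] = []
    for suite in (test_authentication, test_authorization, test_field_validation):
        for name, ok in suite().items():
            if not ok:
                failures.append(f"{suite.__name__}.{name}")
    return (not failures, failures)


if __name__ == "__main__":
    passed, failed = security_gate()
    print("SECURITY GATE:", "PASS" if passed else "FAIL", failed)
    raise SystemExit(0 if passed else 1)
```

Run as a pipeline step after the unit tests: the non-zero exit status from security_gate() fails the build, which is what gives the per-commit, real-time view of security posture the first checklist item asks for. The checks deliberately lean on deny-by-default cases (no token, forged token, unknown operation, unexpected record fields), because those are the ones a feature-focused test suite tends to leave out.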
SECURE AGILE DEVELOPMENT CHECKLIST: CHANGE MANAGEMENT
• Is the process of defining, implementing and monitoring security an iterative cycle throughout the development and maintenance lifecycle of the software? Is the team providing constant feedback, reevaluation, maturation and evolution of secure software?
• Is the project employing Agile coaching to drive organizational or project-level change management?
• Have appropriate organizational resources been allocated to sponsor, measure, and reinforce the implementation of security standards as part of Agile development activities?
• Is the delivery team addressing security concerns as part of traditional Agile ceremonies and practices (e.g. stand-ups, release planning, information radiators, story elicitation)?
AUDIENCE Q & A
LEARN MORE

READ THE FULL WHITE PAPER
Interested in what you heard today? Read the full white paper on Secure Agile Development. You'll receive this after today's meeting.

STAY TUNED FOR OUR PODCASTS
In the coming weeks, we'll be releasing a series of podcasts focused on topics related to Secure Agile Development, including tools and policy.

CHECK OUT OUR OTHER SYSTEMS DELIVERY HIGHLIGHTS
Visit www.boozallen.com/systemsdelivery to learn more about our approach to systems delivery and viewpoints on other technology topics.
Booz Allen Industrial Cybersecurity Threat BriefingBooz Allen Industrial Cybersecurity Threat Briefing
Booz Allen Industrial Cybersecurity Threat Briefing
 
Modern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military NetworksModern C4ISR Integrates, Innovates and Secures Military Networks
Modern C4ISR Integrates, Innovates and Secures Military Networks
 
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
Agile and Open C4ISR Systems - Helping the Military Integrate, Innovate and S...
 
Women On The Leading Edge
Women On The Leading Edge Women On The Leading Edge
Women On The Leading Edge
 
The Enterprise Integrator - C4ISR
The Enterprise Integrator - C4ISRThe Enterprise Integrator - C4ISR
The Enterprise Integrator - C4ISR
 
Convergence and Disruption in Manufacturing
Convergence and Disruption in ManufacturingConvergence and Disruption in Manufacturing
Convergence and Disruption in Manufacturing
 
ISR Systems Development
ISR Systems DevelopmentISR Systems Development
ISR Systems Development
 
Data is Growing at a Veracious Rate
Data is Growing at a Veracious RateData is Growing at a Veracious Rate
Data is Growing at a Veracious Rate
 
The Power and Importance of Failure in Business
The Power and Importance of Failure in BusinessThe Power and Importance of Failure in Business
The Power and Importance of Failure in Business
 
Bridging Mission and Management: A Survey of Government Chief Operating Officers
Bridging Mission and Management: A Survey of Government Chief Operating OfficersBridging Mission and Management: A Survey of Government Chief Operating Officers
Bridging Mission and Management: A Survey of Government Chief Operating Officers
 
Talent InSight Infographic
Talent InSight InfographicTalent InSight Infographic
Talent InSight Infographic
 
Enterprise Integration Architect
Enterprise Integration ArchitectEnterprise Integration Architect
Enterprise Integration Architect
 
Creating Value in Health through Big Data
Creating Value in Health through Big DataCreating Value in Health through Big Data
Creating Value in Health through Big Data
 
Vampire Tactical Forensic Device - Product Sheet
Vampire Tactical Forensic Device - Product SheetVampire Tactical Forensic Device - Product Sheet
Vampire Tactical Forensic Device - Product Sheet
 

Kürzlich hochgeladen

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Kürzlich hochgeladen (20)

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Booz Allen Secure Agile Development

  • 3. WHAT'S THE CHALLENGE? How can we adopt modern development practices, and transform a federal agency's delivery model without sacrificing information assurance and system security controls?
  • 4. THREE PILLARS OF SECURE AGILE DEVELOPMENT
    MISSION UNDERSTANDING: When developing any system, security requirements and controls can't be segmented from technical requirements. There must be a deep understanding of how these security requirements complement capability requirements for the system under development.
    TECHNICAL ACUMEN AND INNOVATION: Expertise in how security is incorporated, tested, and monitored as a part of DevOps methods (continuous deployment, infrastructure as code, containerization, continuous diagnostic monitoring) is critical to increase velocity with confidence.
    "SECURE FIRST" CULTURE: A deliberate organizational change approach, led by experienced professionals, is required to transform an agency's delivery model. This is the difference between "Doing Agile" and "Being Agile".
  • 5. CHECKLIST: SECURE AGILE DEVELOPMENT (MISSION UNDERSTANDING)
    • Is security talent embedded within teams, and is each team member, from developer to security professional, "security intelligent"?
    • Are software security fundamentals implemented, such as user authentication and access controls and protection against known attack vectors?
    • Does the development team have an understanding of current and impending regulatory security requirements (e.g. Risk Management Framework, ICD 503, DISA STIG, US-CERT)? Have these requirements been addressed as technical stories and applied to sprints?
    • Does the development team have an understanding of agency-specific SDLC governance models (e.g. VA's Veteran Integration Process, DoD 5000) and how modern methods and tooling can be leveraged to meet these requirements with agility?
  • 6. CHECKLIST: SECURE AGILE DEVELOPMENT (TECHNICAL ACUMEN)
    • Are automated security scans included as a part of Continuous Integration for each code commit, providing a transparent, real-time view of the security posture?
    • Does your security strategy address the entire technology stack, including secure containers, network, firewalls and operating system, for vulnerabilities?
    • Have automated security test scripts been developed and executed to verify security features such as authorization, authentication, field-level validation, and PII/PHI compliance?
    • Does the configuration of security components such as the perimeter firewall and Intrusion Detection / Prevention System (IDS/IPS) follow a similar provisioning and configuration model as application servers?
    • As a part of the DevOps process, is dynamic network monitoring in place to actively discover vulnerabilities or active attacks?
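One way to make the first checklist item concrete, as an added example that is not from the presentation: a small CI gate that reads the findings the per-commit scan stages produced, applies a merge policy with time-boxed waivers, and returns the posture summary an information radiator would display. The finding and waiver schema, the severity thresholds and all sample values are constructed assumptions, not any particular scanner's output.

```python
"""CI security gate: evaluate one commit's scanner findings against policy.

Added example. The schema below is a constructed simplification (real tools
emit SARIF or their own JSON); thresholds and sample values are assumptions.
"""
from dataclasses import dataclass
from datetime import date

# Severity ranking used by the policy (higher number = more severe).
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    rule_id: str    # scanner rule identifier (constructed values in samples)
    severity: str   # one of SEVERITY_RANK
    location: str   # file:line reported by the scanner
    scanner: str    # which CI stage produced it: sast, deps, container


@dataclass(frozen=True)
class Waiver:
    rule_id: str
    location: str
    expires: date   # waivers are time-boxed, never permanent
    ticket: str     # tracking reference (placeholder values in samples)


def is_waived(finding, waivers, today):
    """A waiver applies only to the exact rule and location, and only until it expires."""
    return any(
        w.rule_id == finding.rule_id and w.location == finding.location
        and w.expires >= today
        for w in waivers
    )


def evaluate_commit(findings, waivers, today, block_at="high"):
    """Return the posture summary for one commit; 'fail' blocks the merge."""
    threshold = SEVERITY_RANK[block_at]
    counts = {sev: 0 for sev in SEVERITY_RANK}
    blocking, waived = [], 0
    for f in findings:
        counts[f.severity] += 1
        if SEVERITY_RANK[f.severity] < threshold:
            continue                      # below threshold: reported, not blocking
        if is_waived(f, waivers, today):
            waived += 1
        else:
            blocking.append(f"{f.scanner}:{f.rule_id}@{f.location}")
    return {"status": "fail" if blocking else "pass", "counts": counts,
            "blocking": blocking, "waived": waived}


# Constructed sample input: what three scan stages might report for one commit.
SAMPLE_FINDINGS = [
    Finding("SQLI-001", "critical", "app/db.py:42", "sast"),
    Finding("DEP-OUTDATED", "medium", "requirements.txt:7", "deps"),
    Finding("CONTAINER-ROOT", "high", "Dockerfile:1", "container"),
    Finding("XSS-002", "high", "app/views.py:88", "sast"),
]
SAMPLE_WAIVERS = [
    Waiver("CONTAINER-ROOT", "Dockerfile:1", date(2030, 1, 1), "TICKET-PLACEHOLDER"),
    Waiver("XSS-002", "app/views.py:88", date(2016, 1, 1), "TICKET-PLACEHOLDER"),  # expired
]
SAMPLE_TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    result = evaluate_commit(SAMPLE_FINDINGS, SAMPLE_WAIVERS, SAMPLE_TODAY)
    print(result)
    raise SystemExit(0 if result["status"] == "pass" else 1)
```

The expired waiver on XSS-002 no longer suppresses that finding, so the sample commit fails the gate on two blocking findings while the container finding stays waived under its open ticket.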
  • 7. CHECKLIST: SECURE AGILE DEVELOPMENT (CHANGE MANAGEMENT)
    • Is the process of defining, implementing and monitoring security an iterative cycle throughout the development and maintenance lifecycle of the software? Is the team providing constant feedback, reevaluation, maturation and evolution of secure software?
    • Is the project employing Agile coaching to drive organizational or project-level change management?
    • Have appropriate organizational resources been allocated to sponsor, measure, and reinforce the implementation of security standards as a part of Agile development activities?
    • Is the delivery team addressing security concerns as a part of traditional Agile ceremonies and practices (e.g. stand-ups, release planning, information radiators, story elicitation)?
  • 9. AUDIENCE Q & A
  • 10. LEARN MORE
    READ THE FULL WHITE PAPER: Interested in what you heard today? Read the full white paper on Secure Agile Development. You'll receive this after today's meeting.
    STAY TUNED FOR OUR PODCASTS: In the coming weeks, we'll be releasing a series of podcasts focused on topics related to Secure Agile Development, including tools and policy.
    CHECK OUT OUR OTHER SYSTEMS DELIVERY HIGHLIGHTS: Visit www.boozallen.com/systemsdelivery to learn more about our approach to systems delivery and viewpoints on other technology topics.