AppSec Europe 2016 has ended
Thursday, June 30 • 11:35 - 12:20
Security Project Management: how to be Agile in Security Testing projects


"Order or disorder depends on organization," wrote Sun Tzu centuries ago. Organization is fundamental in managing Security Testing projects. The rise of Agile methodologies for IT Software Development and continual Business Changes produce challenging deadlines for Deployment and for Security Testing. Yet Security requirements have to be considered a Must and have to be fulfilled, or the software, often, will not get the "go" for production if there are vulnerabilities. The Secure Software Development Life Cycle and the Team have to adapt to specific needs and be planned accordingly, defining priorities, skills and a sound Business Case for Security Testing.
The role of the Project Manager, or Team Leader, is crucial. Practices like micro-management do not work and are counterproductive with skilled Penetration Testers. The Project Manager has to be a servant leader and a facilitator who enables the Testers to work smoothly, facilitates communication and removes impediments to the testing (and bureaucratic work) in order to meet the Security goals.
The workshop will describe, by examples, how to combine Agile Project Management methodologies such as the DSDM Agile Project Framework, tailored for Security Testing projects, blending in the OWASP Testing Guide, Top 10 and other de facto standards for IT and Information Security. It covers different aspects of the management of a Penetration Test such as the Business Case, Estimates, Risks and Quality.

Simone Onofri

Security Business Consultant, Hewlett Packard Enterprise
Simone is a Security Business Consultant for Hewlett Packard Enterprise and a Director of the DSDM Consortium. Simone has 13+ years of experience in the field of IT, serving customers in the EMEA area mainly for Security Testing and Incident Response projects with an innovative, practical...

Thursday June 30, 2016 11:35 - 12:20 CEST
Room C (Tiziano Ballroom Sec. 2)