Dave van Stein

Ivory Tower Basher

Software development has changed radically over the last two decades. Agile, DevOps, cloud and continuous integration have all resulted in a shift towards continuous change. Therefore it is critical to evaluate quality and security as early as possible and to keep doing so on a continuous basis. Unfortunately, information security and compliance practices are often still based on static, tollgate-based control mechanisms. These have become incompatible with the modern world of software development and typically cause a lot of friction in the process, with the result that security and compliance are bypassed or ignored. To provide real quality and become resilient, these processes need to be converted from a tollgate-based approach into a continuous-flow approach that is integrated and aligned with software development.

I help customers to move from a ‘bolt-on’ towards a ‘built-in’ security and compliance approach. As a strategic transformation coach I focus on helping customers to: analyze existing security and development practices and create a sensible maturity roadmap; transform existing security, compliance and privacy processes into LEAN/Agile versions; align security activities with the development way of working; design continuous compliance programs and map the evidence collected during software development to frameworks like ISO 27001 and SOC 2; optimize security activities in the software development lifecycle (e.g. with threat modeling and tooling selection); set up a security-minded engineering culture; and provide training both on ‘DevOps for security’ and ‘security for DevOps’.