Adapting Agile for Small SOC Teams with Azure DevOps: How-to and Lessons Learned presented at DevOpsDaysAustin 2019

by Alex Useche

Summary: Can Agile work for security teams? Let's discuss practical ways in which security teams can adopt agile processes and use DevOps tools to automate and track SOC tasks, as well as some of the challenges that can be encountered when attempting this endeavor. It's time for security to become Agile!

Security Operation Center (SOC) teams are responsible for protecting company assets by auditing, detecting, and remediating security threats in their networks and applications. As teams of developers evolve to put people over processes, and as DevOps makes its way into the core processes of many organizations, it becomes necessary for SOC teams to grow in that same direction to enable effective collaboration between security and development teams. In this talk, we will discuss our experiences using Agile and DevOps for building a SOC team. We will also consider how SOC teams can implement agile processes and use Azure DevOps to automate and track SOC tasks, use Git for keeping track of security configurations, and document processes that enable more effective collaboration with DevOps teams in a practical way. Lastly, we will discuss some challenges that we have encountered when implementing Agile for small SOC teams in organizations that still rely on waterfall methodologies for most of their processes.