Dan Blum

Security Architects Partners


An internationally recognized expert in security, privacy, cloud computing and identity management, Dan Blum leads and delivers consulting projects spanning multiple industries for Security Architects Partners. Formerly a Golden Quill award-winning VP and Distinguished Analyst at Gartner, he has led or contributed to projects such as cloud security and privacy assessments, security organization and risk management framework development, and identity architectures. He has also consulted on technical security engagements in all areas of data protection, including enterprise authorization, DLP, privileged access management, and encryption/key management.

Mr. Blum holds a CISSP certification. He is a frequent speaker at industry events and has participated in industry groups such as ISACA, the CSA, Kantara Initiative, OASIS, and others. 


Abstract

How to Build Security and Risk Management into Agile Environments

Many organizations have adopted the agile methodology for software development and/or moved to DevOps IT support models, microservices, containers, and the like. Often, these practices leave information security pros tearing their hair out for lack of assurance and verification processes, or an absence of separation of duty. Insisting on traditional waterfall-based security processes may not be an option. As one security engineering staff member put it, “Business developers come to central IT asking for solutions to a problem and are told it will take 6 months. Then it’s late. They won’t be back.”

Risk management should be front and center in security. However, risk management is also a challenge in the iterative agile environment – especially for a number of companies that use agile project management for most or all projects, even outside development. In this presentation, Blum will address:

  • Challenges of implementing security and risk management in agile or DevOps models
  • Good practices for embedding security services in the pipeline
  • Developing an agile risk management framework