Agile (DevOps) and Operations#
Agile development methodologies are known for moving quickly and continuously improving, which can make it challenging for operations teams to maintain stable and predictable metrics. Similarly, audit teams may struggle to keep up with the pace of DevOps, leading to delayed reports and outdated information.
It is known that most audit team is like operation teams which hate Agile. 😜 Very often by the time audit team finish the report, DevOps is already making 38 changes. 😅
Despite these challenges, some organizations believe that Agile can replace traditional operations, change management, and audit practices. However, this requires buy-in from top management, who must be willing to replace traditional practices with Agile methodologies.
To successfully implement Agile in your company, it may be helpful to follow these rules:
- Stop all approval flows at all management levels.
- Replace current metrics with Agile tracking.
Operation Challenges with Agile#
Agile can be suitable for cyber operations if it is implemented properly and aligned with the organization’s goals and roadmap, such as :
- Faster response to cyber threats and incidents
- Continuous improvement and feedback
- Better collaborationand communication among teams
- Promote automation for testing and scanning
However, agile does come with some challenges too, such as:
- Changing the culature and mindset of security teams and stakeholders
- Balancing speed and quality of security solutions
- Dealing with regulatory and compliance requirements
Especially, in cyber security operations, there is always black swan event happens. And when it happens, the automation will fail. We can’t simply automate what we haven’t seen before.
To manage the black swan event, cyber ops team should implement orchestration. Orchestration is simply managing multiple automated tasks to create a dynamic workflow or transform a process end-to-end12. Orchestration can be considered a form of “automating automation”