Agility and Security

It shouldn't be surprising that the security aspects of agility receive little attention, because security aspects of almost anything receive little attention, at least until they are exploited in some way.

Gunnar Peterson suggests that security pros need some of the same love (tough love, from the tone of his post) that devs and ops are getting around agile methodologies.

This is a great point. Falling into the same trap that I noted at the top of the post, I have been giving short shrift to security as a serious topic of discussion in agile operations. To the extent that I mention it, it's usually to point out that a lot of the providers and tools used in agile operations are more secure than their traditional alternatives. Coming from a small business background, I don't usually identify security professionals as a part of the dev-ops-biz triangle; security has always been a responsibilty of operations, and a typically disregarded responsibility at that. Of course, it is a component of operations; but not one that I have to date heard anyone expliciting discussing in the larger picture of development/operations coordination. That should change, and I will try to do a better job of addressing security as a part of agile operations here in future posts.