Implementing an Agile Security FrameworkA CISO Discusses Ways to Help the Security Team Quickly Adjust Plans
When security teams apply agile methodologies, they are better able to deliver value and can more easily pivot and change plans, says Kevin Fielder, CISO of Just Eat, a British online food ordering and delivery service with operations in 13 countries.
In an interview with Information Security Media Group, he highlights the benefits of adopting an agile security framework.
"We don't have a huge security playbook," he says. "It's all broken down into small chunks. So an incident might go through three or four playbooks, but because it's a self-contained playbook, you can make changes without impacting anything else."
In the interview (see audio link below photo), Fielder also discusses:
- What it takes to transition from a conventional risk management approach to an agile framework;
- How to build a structure to support agile processes;
- How to provide continuous training on agile security risk management to all layers of the organization.
In addition to his role as CISO at Just Eat, Fielder serves as an advisory board member for ClubCISO, a private members forum for European information security leaders, and Red Sift, a software company. He was previously head of cybersecurity consulting for WorldPlay, a U.K.- based payments processing company.