Scrumban is a powerful hybrid methodology that boosts a security engineering team's efficiency and effectiveness by blending the structure of Scrum with the flexibility of Kanban. It allows teams to clearly prioritize security tasks using visual boards, fosters better collaboration and transparency, and increases responsiveness by using an incremental approach. Ultimately, Scrumban's adaptable framework empowers teams to quickly pivot priorities, maintain visibility over their workload, and protect the organization from emerging threats with greater agility.
Size: 17.93 MB
Language: en
Added: Sep 28, 2025
Slides: 26 pages
Slide Content
Scrum-ban: The Agile Avenger
Steven Carlson
Senior Product Security Engineer
About me
Software Engineer who is passionate about clean, secure code.
Helpdesk -> Software Engineer -> Security -> DevSecOps -> Senior Product Security Engineer
https://about.me/rockrunner
Prioritizing Tasks
The S.H.I.E.L.D. Initiative
•Prioritize Security Tasks: Learn to effectively manage a backlog of security initiatives using Scrum-ban's visual tools and techniques.
•Enhance Visibility: Gain a clear understanding of your team's progress and identify potential bottlenecks through Scrum-ban's visual dashboards.
Work Day
The S.H.I.E.L.D. Initiative
•Visualize the Backlog: A simple "To Do," "In Progress," and "Done" board.
•Prioritize with a Purpose: Use color-coding or swim lanes to mark urgency and impact (e.g., a "Level 1 Threat" lane).
•Limit Work in Progress (WIP): Set a per-column limit so engineers finish work before starting more, which increases focus and prevents overwhelm.
Example
The S.H.I.E.L.D. Initiative
•The Attack: The 23andMe breach was credential stuffing with passwords reused from other sites' breaches, not a new exploit.
•The Flaw: MFA was optional, so accounts with reused passwords had no second factor.
•The Fix: Mandating MFA should be assigned a "Level 1 Threat" priority, placing it at the top of the backlog to force immediate action.
AI Use Case
The S.H.I.E.L.D. Initiative
•Leverage AI Threat Intelligence: Automatically scan for new vulnerabilities and score risk.
•Automated Scrum-ban Integration: AI creates a prioritized ticket (e.g., with a "Level 1 Threat" marker) directly on the board.
•Benefit: Get ahead of the threat before it hits the team's radar.
Improving Collaboration
Improving Collaboration & Responsiveness
The Avengers Assemble
•Improve Collaboration: Foster better communication and teamwork among security engineers through Scrum-ban's emphasis on collaboration and transparency.
•Increase Responsiveness: Deliver security solutions faster and more efficiently by leveraging Scrum-ban's iterative and incremental approach.
Work Day
The Avengers Assemble
•Daily Stand-ups: The daily stand-up is the Avengers' pre-mission briefing: short, to the point, and everyone leaves knowing what is happening.
•Cross-Functional Teams: Scrum-ban encourages different roles to work together on a single security initiative.
•Iterative Approach: Scrum-ban's incremental work cycles let teams deliver a security fix in small, manageable pieces.
Example
The Avengers Assemble
•The Flaw: A lack of communication across teams led to a delayed breach response at 23andMe.
•The Fix: Implement Daily Stand-ups as a "Pre-Mission Briefing."
•The Benefit: The security team flags the issue, and cross-functional teams (Operations, Comms) immediately take ownership of the fix and the public response.
AI Use Case
The Avengers Assemble
•AI Code Review Assistant: Automatically detects security flaws in pull requests.
•Actionable Suggestions: AI suggests code-level fixes directly.
•Benefit: Streamlines the review process, enabling quicker, more reliable deployments.
Maintaining Adaptability
Maintaining Adaptability
The Cosmic Cube Framework
•Maintain Flexibility: Adapt to changing security needs and priorities with Scrum-ban's adaptable framework.
Work Day
The Cosmic Cube Framework
•Continuous Improvement: Scrum-ban encourages teams to constantly refine their process, making them more resilient to change.
•Pull-Based System: Teams "pull" work as they are ready rather than having it pushed on them, which lets them adjust priorities as needed.
•Adapt to Change: The flexible nature of Scrum-ban allows teams to pivot quickly to handle new, unexpected threats.
Example
The Cosmic Cube Framework
•The Failure: An optional MFA feature created a weak point, leading to months of exploitation.
•The Pivot: Upon detection, immediately create an "Incident Response" swim lane on the board.
•The Power of Pull: This flexible, pull-based system instantly redirects the entire team's focus from planned work to the immediate crisis.
AI Use Case
The Cosmic Cube Framework
•Utilize AI-Powered SOAR: Security Orchestration, Automation, and Response playbooks trigger immediate defense actions.
•Zero-Day Action: When a critical threat (like a zero-day exploit) is detected, the AI automatically:
•Isolates affected systems.
•Creates a high-priority ticket on the Scrum-ban board.
•Sends out immediate alerts to the team.
•Result: Enables a near-instantaneous, highly adaptable security response, reducing human intervention time.
Scrum-ban: The Agile Avenger!!
Q&A
Resources
Manual
Linux Command: man man
•Build security in, more than bolt it on.
•Rely on empowered product teams, more than security specialists.
•Implement features securely, more than security features.
•Rely on continuous learning, more than end-of-phase gates.
•Adopt a few key practices deeply and universally, more than a comprehensive set poorly and sporadically.
•Build on culture change, more than policy enforcement.
General Resources
Books, Website, and more
Books & Publications
•Application Security Program Handbook by Derek Fisher
•Designing Secure Software by Loren Kohnfelder
•Clean Code by Robert Martin
•Software Transparency by Chris Hughes and Tony Turner
•Threats by Adam Shostack
Online
•SecurityChampionSuccessGuide.org
•attack.mitre.org
•nist.gov/itl/csd/secure-systems-and-applications
•hockeyinjune.medium.com/product-security-14127b5838ba
•santikris2003.medium.com/product-security-dev-sec-tips-2fdb1698a3b3
•https://media.defense.gov/2023/Jun/28/2003249466/-1/-1/0/CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF
•https://cheatsheetseries.owasp.org/
Presentation Resources
Material Used
Case Study: The 23andMe Data Breach
•"The 23andMe Data Breach: Analyzing Credential Stuffing Attacks, Security Vulnerabilities, and Mitigation Strategies." arXiv, 2025.
•"23andMe User Data Stolen in Credential Stuffing Attack." The HIPAA Journal, 2023.
•"Case study: 23andMe data breach." Michalsons, 2025.
•"The 23andMe Breach: Anatomy, Impact, and Lessons for Genomic Security." Sekurno, 2025.
Supporting Research
•Lark. The Ultimate Guide to Kanban for Cybersecurity Teams.
•Hook Security. How Cross-Functional Collaboration Boosts Cybersecurity Resilience.
•ISACA. State of Cybersecurity 2024.
•Bank of America Securities. Key Themes in Cybersecurity.
•Cyber Security Tribe. The Importance of Adaptability in Incident Response.