Building in Security at Agile Speed

Ransome, James, Schoenfield, Brook S. E.

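  • Publisher: Auerbach Publications
  • Publication date: 2023-09-25
  • Price: $2,560
  • VIP price: 9.5 $2,432
  • Language: English
  • Pages: 326
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1032010053
  • ISBN-13: 9781032010052
  • Related categories: Agile Software, Information Security
  • Overseas special-order book (requires separate checkout)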

Product Description

Today's high-speed and rapidly changing development environments demand equally high-speed security practices. Still, achieving security remains a human endeavor, a core part of designing, generating and verifying software. Dr. James Ransome and Brook S.E. Schoenfield have built upon their previous works to explain that security starts with people; ultimately, humans generate software security. People collectively act through a particular and distinct set of methodologies, processes, and technologies that the authors have brought together into a newly designed, holistic, generic software development lifecycle facilitating software security at Agile, DevOps speed.

-Eric S. Yuan, Founder and CEO, Zoom Video Communications, Inc.

It is essential that we embrace a mantra that ensures security is baked in throughout any development process. Ransome and Schoenfield leverage their abundance of experience and knowledge to clearly define why and how we need to build this new model around an understanding that the human element is the ultimate key to success.

-Jennifer Sunshine Steffens, CEO of IOActive

Both practical and strategic, Building in Security at Agile Speed is an invaluable resource for change leaders committed to building secure software solutions in a world characterized by increasing threats and uncertainty. Ransome and Schoenfield brilliantly demonstrate why creating robust software is a result of not only technical, but deeply human elements of agile ways of working.

-Jorgen Hesselberg, author of Unlocking Agility and Cofounder of Comparative Agility

The proliferation of open source components and distributed software services makes the principles detailed in Building in Security at Agile Speed more relevant than ever. Incorporating the principles and detailed guidance in this book into your SDLC is a must for all software developers and IT organizations.

-George K Tsantes, CEO of Cyberphos, former partner at Accenture and Principal at EY

Detailing the people, processes, and technical aspects of software security, Building in Security at Agile Speed emphasizes that the people element remains critical because software is developed, managed, and exploited by humans. This book presents a step-by-step process for software security that uses today's technology, operational, business, and development methods with a focus on best practice, proven activities, processes, tools, and metrics for any size or type of organization and development practice.

About the Authors

Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage cybersecurity startup, and continues to do ad hoc consulting. He also serves on the Board of Directors for the Bay Area CSO Council. Most recently, Dr. Ransome was the Senior Director, Security Development Lifecycle (SDL) Engineering, in the Intel Product Security and Assurance, Governance and Operations (IPAS GO) Group, where he led and developed a team of SDL engineers, architects, and product security experts that implemented and drove security practices across all of Intel. Prior to that, he was the Senior Director of Product Security and PSIRT at Intel Security and McAfee, LLC. Over a six-year period, he built, managed, and enhanced a developer-centric, self-sustaining, and scalable software security program, with an extended team of 120 software security architects embedded in each product team. All of this was a result of implementing and enhancing the model described in his most recent book, Core Software Security: Security at the Source, which has become a standard reference for many corporate security leaders who are responsible for developing their own SDLs.

Brook S. E. Schoenfield is the author of Secrets of a Cyber Security Architect, Securing Systems: Applied Security Architecture and Threat Models, and Chapter 9: Applying the SDL Framework to the Real World in Core Software Security: Security at the Source. He has been published by CRC Press, Auerbach, SANS Institute, Cisco, SAFECode, and the IEEE. Occasionally, he even posts to his security architecture blog, brookschoenfield.com.
