Way beyond the justification of ad-hoc investments and pet-projects for the CISO, metrics have to be at the heart of the sound security practice, but they must be focused on tracking progress in time in support of a long-term transformative vision.
Are Nexus (Scrum) and Large Scale Scrum (LeSS) related somehow? What do they have in common? How do they differ?
The CISO role has never been more important. The firms that fail at appointing a new CISO are those which rush and push an inexperienced techie in a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.
How much do the original Lean and Agile grate against each other. Can they cohabit peacefully? Or is it better to keep them apart and let each do what they do best in their own way?