Mennesker, organisasjon og teknologi
Kinoen sal 1
Dr. Daniela S. Cruzes, SINTEF and Espen Agnalt Johansen, Visma
In this talk we will share the experiences of teams that are working on Security Activities in self-managed Teams in VISMA. The overall goal is to help teams to be self-managed on software security activities. Still as a large organization, there is some need of control/governance. We have been running a project for 3 years now on the understanding of how teams that adopt/use security activities in these teams, which practices are adopted, challenges faced, among others. In a broader perspective, this talk present part of a research project named SoS-Agile, financed by the Research Council of Norway (https://www.forskningsradet.no/prosjektbanken/#/project/NFR/247678). The research in this project aims on helping practitioners to improve their working practices by identifying possible gaps in the security approaches, understand how the adoption of security activities in the software development can be improved in different organizations.
Dr. Daniela S. Cruzes is a senior research scientist at SINTEF. Previously, she was adjunct associate professor at the Norwegian University of Science and Technology (NTNU). She worked as a researcher fellow at the University of Maryland and Fraunhofer Center for Experimental Software Engineering-Maryland. Dr. Daniela Cruzes is the project manager of the SoS-Agile (Science of Security for Agile software Development) project funded by the Research Council of Norway. Her interests are agile software development, software security, global software engineering, empirical research methods, theory development and synthesis of software engineering studies.
Espen is a former Norwegian Military Officer, specialized in Information Security. In the information Security domain, Espen is passionate about practical implementation of security features to assist agile teams in their efforts to be innovative. Espen manages the Security of Visma`s agile R&D and spends most of his time inside the SDLC. He also spends time in the SecDevOps part of the world.