Using Security Risks to Measure Agile Practices


A key problem with Agile practices in large organisations is how to measure them.

If you have 10 squads/teams across multiple buildings/countries, how do you measure their ‘level of agility’?

This Working Session will explore the use of Security Risks as a way to measure and visualise those practices. The core idea is that the less Agile a team is, the more risks it will have and the harder it will be to make code changes/deployments.


  • Defining the Risk metrics to look for (code deployments, patching issues, ‘time to fix vulns’ ratios, recurrence of bugs/vulnerabilities, missed deadlines, etc.)
  • Creating dashboards to visualise the data collected
  • What other metrics can be used to measure Agile Practices (outside risk)?
  • How is this currently being tracked?


The target audience for this Working Session is:

  • Security professionals
  • CISOs
  • Agile practitioners

