Integrating Security into a Portfolio Kanban

Integrating security into sales channels is extremely important to every organisation that has a strong sales-driven component. In most cases, information security professionals must re-engineer processes and perform other tasks to oversee the current sales streams across different products.


Integrating information security into the Portfolio Kanban enables organisations to have fully secure workstreams through every stage of the project development cycle. In the agile world, the integration of security must start at the earliest possible stage, which in most cases is the portfolio management workstream definition stage. This is a stage that normally utilises Kanban. This session will discuss the challenges and advantages of that approach and how to plan and execute this model across environments.

The main purpose of this working session is to discuss and discover new ways of integrating information security into established sales channel workstreams within an organisation. Usually, such organisations utilise a B2B model, and most of the requirements for new components and features come directly from the customer. This session will discuss how to achieve visibility over the process, how to ensure that the process is secure, and how to ensure that the sales channel workstreams have security controls and processes within them.


  • What is a scaled agile framework?
  • How to plan and execute the Portfolio Kanban security integration
  • What are the challenges and opportunities for process optimisation?
  • What are the challenges of integrating and optimising security into the sales channels?
  • How to mobilise programme management on security integration
  • How to create security flows towards MVP development
  • Educating and training the relevant parties
  • Process re-engineering to fit security needs
  • Automating security over sales workstreams


  • Playbook that defines staged industry best practices on how to integrate security into the general programme management workflow

Synopsis and Takeaways

Ante Gulam drove a lively, participatory conversation; the conclusion being that while the idea is interesting, the scope, structure, processor and profile are difficult to scale and standardize. Any playbook would have to be tailored to a specific organization’s needs.

Outline Playbook.

Stage 1 Standardize the concept

Stage 2 Create Security Champions in Programme Management Plan meetings which include Security Champions

Stage 3 Tagging by Security Champions Tagging can also be outsourced to Programme Management

Stage 4 Defining SLAs Security review by security squad

Stage 5 SDLC security process


The target audience for this Working Session is:

  • Security Professionals
  • CISOs
  • DevSecOps
  • SecDevOps
  • Agile practitioners
  • Agile coaches
  • Project and programme managers

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions)

Back to list of all Working Sessions and Tracks

Edit this page here