Using Security Risks to Measure Agile Practices


A key problem with Agile practices in large organisations is how to measure them.

If you have 10 squads/teams across multiple buildings/countries, how do you measure their ‘level of agility’?

This Working Session will explore the use of Security Risks as a way to measure and visualise those practices. The core idea is that the less Agile a team is, the more risks it will have and the harder it will be to make code changes/deployments.


  • Defining the risk metrics to look for (code deployments, patching issues, ‘time to fix vulns’ ratios, recurrence of bugs/vulnerabilities, missed deadlines, etc.)
  • Creating dashboards to visualise the data collected
  • What other metrics can be used to measure Agile practices (outside risk)?
  • How is this currently being tracked?


  • Agreed list of risk metrics
  • Dashboards that visualise the data collected


The target audience for this Working Session is:

  • Security professionals
  • CISOs
  • Agile practitioners

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions).


…add content…
