Why agility is essential for effective cybersecurity


While Agile ways of working are traditionally seen as being most usefully applied to software production processes, there is much that can be gained by looking at cybersecurity through an Agile mindset. Hackers and their attacks are in a constant state of proactive evolution – and here’s why cybersecurity approaches must stay flexible to stay one step ahead.

What does Agile actually mean?

Agile is a term used to refer to a collection of different product development approaches and mindsets used by organisations operating in complex environments where needs and expectations fluctuate continually. The term was first coined by the emerging software industry in the 1990s and widely popularised during the early 2000s.

Agile is not simply a framework for completing work, but a particular attitude towards work and a reshaping of team culture. The core Agile values are:

  • Individuals and interactions over processes and tools.
  • Working software over comprehensive documentation.
  • Customer collaboration over contract negotiation.
  • Responding to change over following a plan.

All Agile approaches are united by a focus on improving workflow for better collaboration, more creativity and faster value delivery to the customer.

What benefits can Agile offer to cybersecurity?

Successful hackers are successful precisely because of their agility – they are flexible in their approach, and they quickly pivot attacks to capitalise on public events and on the needs and concerns that unite people worldwide. As we saw during the COVID-19 pandemic in 2020, numerous scams quickly emerged, ranging from bogus virus maps to fake online sales of PPE. So let’s look at how the four core Agile values can enhance counterattacks on ruthless hackers who are continuously evolving their tactics and techniques.

Individuals and interactions over processes and tools: This is perhaps one of the most important Agile principles to embody in any cybersecurity program, because while technology can assist in maintaining security, it only works as well as the people who are using it. The majority of cyber attacks succeed due to human error, so the importance of foregrounding individuals, their behaviour and their interaction with online content should not be underestimated when it comes to maintaining a secure online environment.

Customer collaboration over contract negotiation: Too often, employees see cybersafe policies and practices as an additional level of governance and regulation that they don’t need, and as a barrier to their autonomy and inspiration. A sense of freedom and independence is what’s needed to create the right culture and environment for the successful implementation and adoption of new processes and knowledge, so it’s important that employees feel they are fully involved collaborators in cybersecurity rather than being held back by organisational red tape.

Responding to change over following a plan and working software over comprehensive documentation: Hackers move fast and so must secure technology. Developments in approaches to countering cyberattacks or implementing new systems and processes sometimes need to occur very rapidly to prevent damage. While documentation, policy and procedures have an important place in security measures, working software is essential.

Victoria University case study

Over the last 12 months, Victoria University (VU)’s IT Services department, including Cybersecurity and Risk teams, transitioned to a new way of working. Named the IGNITE (Inclusive, Grow-in-Numbers, Innovate, Trust, Evolve) framework, the delivery model is a bespoke Agile framework combining Scrum, SAFe, Lean Six Sigma and Kanban practices.

The framework champions employee engagement and empowerment with a collective mindset focused on innovation and collaboration, which has proven successful for solving emergent business problems, including cybersecurity threats and challenges.