A recent article at IT World considers the relationship between Agile training, particularly certified scrum master (CSM) and certified scrum product owner (CSPO) training, on the one hand, and information technology security on the other. The article points out that researchers at the Munich University of Applied Sciences recently published a paper explaining perceived security vulnerabilities in scrum methodology. The paper goes on to modify that methodology, outlining alternative CSM and CSPO training that attempts to put specific focus on the production of secure code.
But IT World also quoted Jeff Sutherland, one of the creators of the scrum methodology, as saying that he doesn’t believe the research demonstrates that traditional CSPO training implicitly encourages vulnerabilities. Indeed, he argues that there is a demonstrated history of scrum resulting in secure information technology products.
Still, the paper finds that people who received the new, secure CSM and CSPO training wrote code that avoided security vulnerabilities to a much greater degree than people who received CSM and CSPO training under the older methods. But as with any pilot project or new area of academic study, more research is needed to demonstrate exactly why this is.
We would venture to guess that a security focus in any USA agile training does tend to lead to actual improvements in security outcomes. That’s fairly obvious. The more attention that you give to one area of information technology training, the more aware of it the student will be. But this fact also illustrates that there’s probably another solution to the problem of security vulnerabilities, whether you’re the recipient of agile training or the head of a firm that is looking to make security-conscious information technology job placements.
Such a solution doesn’t require revamping the existing methods of certified scrum product owner training, much less looking as far away as Munich University for effective online information technology training. Instead, it simply requires diversifying your own or your employees’ list of certifications and completed software training courses.
Presumably, secure scrum is effective because it focuses simultaneously on traditional CSM and CSPO training and on specific, modern security vulnerabilities, not just one or the other. But anyone who has received CSPO training and, for instance, quality analyst training or systems analyst training, will be capable of the same outcomes. Whether security vulnerabilities crop up in scrum methodology is simply a function of whether the individual participants in a scrum, especially the scrum master and product owner, have the relevant information technology training to detect and avoid those vulnerabilities.
It’s well worth being aware of this problem, especially if you understand that you can solve it immediately, without waiting for new methodologies or sources of online information technology training to emerge. Contact an online information technology consultancy in California or your local area, and explore the types of peripheral IT training you can pursue in order to address security vulnerabilities or any other common problems within the framework of your firm’s methodologies.
Naturally, the benefit of diversifying your IT training goes well beyond avoiding demonstrated deficiencies. It makes you more likely to detect and compensate for the deficiencies that no one has noticed yet, and thus makes you a much more valuable employee, with a wider range of options as to where to take your talents in the future. And given what we’ve said in the past about the high level of demand for professionals with advanced training in information technology security, the value of blending this with CSM, CSPO, and any number of other certifications should be obvious.