Bottleneck to Bridge: Evolving Collaboration for Secure Agile Delivery
Details
In many organizations, Scrum delivery teams and security teams often find themselves at odds—one driven by speed, the other by risk avoidance & mitigation. But what if these teams aligned around a shared goal: delivering fast, iteratively, and securely?
At WorkSafeBC, our Enterprise DevOps group supports over 400 business applications across 15+ Scrum teams. Our DevSecOps team, though small and mighty, plays a critical role—partnering with Enterprise Development Operations, Enterprise Platform Operations, Innovation, Analytics, and Advanced Technology teams to complete 385 security reviews, 15 security consults, 10 threat models, and 7 penetration tests every month.
By the end of 2024, DevSecOps was perceived as a major delivery bottleneck. Processes and requests lacked clarity, and wait times for security reviews, threat models, and PEN tests were long. Enterprise DevOps complained without understanding the complexity, workload and priorities within DevSecOps while not taking security seriously. In response, we introduced an “invisible force”—a shift in prioritization, request screening and process that replaced the existing PI planning requests with a transparent and efficient model.
Today, DevSecOps is no longer seen as a major blocker. Join us to explore what changed, what challenges remain, and how we’re continuing to evolve our collaboration to deliver securely, iteratively, and at speed.
# About the Speakers
Anita Siebold is a 30-year IT veteran whose career spans roles as a developer, systems analyst, project and program manager, IT Manager, Scrum Master, Release Train Engineer and Agile Coach. With experience leading initiatives across infrastructure, commercial off-the-shelf solutions, and greenfield development, Anita brings a deep understanding of both legacy systems and modern delivery practices.
Garima Aggarwal is a seasoned cybersecurity leader with over 22 years of experience securing complex business systems across diverse industries, including banking, telecommunications, retail, and insurance. As the Manager of Cybersecurity Architecture and Compliance, she brings deep expertise in DevSecOps, Identity and Access Management (IAM), cybersecurity architecture, risk management, and regulatory compliance.
Mathew Mathai is a passionate project manager and author of [PM4K] Project Management for Kids