Bringing the Dawn of Security & Compliance to Project Teams

Most of the work done by Indian software companies is contract work. Phases of the SDLC are delivered to the customer as per the requirements. The focus is on speed, and ensuring that the business requirements are covered.

This approach leaves out: performance and availability (site reliability in most cases) of the code, prevention of corner-case defects, contract compliance, and data protection. The last one is gaining importance with the adoption of data security and privacy regulations and the enforcement of contractual penalty clauses. Retrofitting any of the above is counterproductive, taking more effort than any measurable benefit attained. Instead, these aspects have to be built into the SDLC from the get-go.

This paper walks through my experience in creating, piloting, and rolling out an org-wide initiative to awaken the PM community to these non-functional requirements and implicit expectations of the customer. The objectives of the initiative were to create a lightweight framework that would allow early detection of gaps, track corrective actions, and provide feedback on the residual risk for the project. The framework was designed to be easy to administer and quick to respond, requiring minimal additional information beyond the project definition itself.


Vivek Mathur

A change agent focused on delivering results, with a track record of 25 years in overhauling software product development processes. Demonstrated skill in driving transformation across P&L, spearheading initiatives in Cyber Security, Quality Engineering, & DevSecOps. Strategic integration of Security & Quality Engineering practices to streamline the SDLC, minimizing rework and maximizing efficiency. Recognized for adept management of global testing organizations. Actively seeking leadership positions within dynamic software firms to drive strategic vision and promote innovation for organizational success.