Integrating Security into an Spotify Model (and using Squads for Security teams)

Track: DevSecOps
When: Wed PM-3
Where: Maulden
Organizers Stu Hirst Stu Hirst
Participants James WHarton , Jemma Davis-Smith Jemma Davis-Smith , Simon Pavillion , Dan Gapco Dan Gapco , John Killilea John Killilea , Naushad Saboor , Ann-Marie Grace Ann-Marie Grace , Christoph Jung Christoph Jung , Goher Mohammad Goher Mohammad , Robert Grace Robert Grace , David Cervigni David Cervigni , Dinis Cruz Dinis Cruz , Sotiraki Sima Sotiraki Sima , Felicia Hislop Felicia Hislop , Manuel Almeida Manuel Almeida , Alina Radu Alina Radu , David Jensen David Jensen , Fraser Scott Fraser Scott , Luis Saiz Luis Saiz , Pedro Laguna Pedro Laguna , Stu Hirst Stu Hirst


The Spotify model of Squads, Chapters, Tribes, and Guilds (using multiple Agile methodologies) has been adopted by many companies. It presents an opportunity to define global practices and activities that can be replicated across multiple teams, geographical locations, and cultures.

We need companies that have tried, failed, and succeeded to integrate security into a Spotify Model to share their experiences.

This working session will focus on increasing our knowledge of how best to integrate Agile Security into the Spotify model.

We will also explore how Security Teams can use the Squads model themselves, as a way to organise and focus the multiple projects driven by those teams.


  • Which security activities can be integrated into the Spotify Model?
  • What worked?
  • Does it make sense to integrate security into a Spotify Model?
  • What are the best practices?
  • How should these practices be measured?


  • Best practice cheat sheet for integrating Agile Security into the Spotify model


The target audience for this Working Session is:

  • Security professionals
  • CISOs
  • Agile practitioners
  • DevSecOps
  • SecDevOps


Previous Summit Working Session

Register as participant

To register as participant add Integrating Security into an Spotify Model (and using Squads for Security teams) to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions