How can security assurance (SA) be applied in agile software development? This presentation discusses reasons for misalignment between agile and SA practices, as well as compatible or even mutually reinforcing techniques. The intuitive concept of evil user stories is explored, and the more wholesome and formal approach of Microsoft, SDL/Agile, is outlined.