Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Agile Security

Jon Rose
September 09, 2015
Technology
1
160

Agile Security

A story about becoming agile.

Jon Rose

September 09, 2015
Tweet

More Decks by Jon Rose

See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
490
Builders Vs. Breakers AppSec 2012
jonrose
2
200
Rich Internet Application Security
jonrose
2
82
Dynamic App Patching
jonrose
2
62
Cloudy with a chance of 0-day
jonrose
1
66
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
170
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
110
CodeSearch0day
jonrose
1
51

Other Decks in Technology

See All in Technology
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
3
240
強みを伸ばすキャリアデザイン
yug1224
0
200
o11y入門_外形監視を利用したWebアプリケーションへの最適なモニタリング_TechBrew
k5k
3
100
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
2
320
クラウドサインにおけるプロダクトマネージャーの役割と開発プロセス / 20240410_cloudsign-PdM
bengo4com
1
680
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
3
2.4k
長期運用プロジェクトでのMySQLからTiDB移行の検証
colopl
2
660
普段有償でサポート業務をしているCSAが技術知見を無料で公開する理由
07jp27
1
640
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
1
190
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
200
[2024年3月版] Databricksのシステムアーキテクチャ
databricksjapan
8
1.9k
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
masahirokawahara
6
5.9k

Featured

See All Featured
Optimising Largest Contentful Paint
csswizardry
7
2.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
6
990
The Language of Interfaces
destraynor
151
23k
Gamification - CAS2011
davidbonilla
76
4.6k
Optimizing for Happiness
mojombo
370
69k
How STYLIGHT went responsive
nonsquared
92
4.8k
Clear Off the Table
cherdarchuk
83
310k
Typedesign – Prime Four
hannesfritz
36
2.1k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
10 Git Anti Patterns You Should be Aware of
lemiorhan
646
57k
Large-scale JavaScript Application Architecture
addyosmani
503
110k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
356
22k

Transcript

  1. This is a story about becoming Agile Jon Rose |

    OWASP NYC 9.2015

  2. Previously in Security…

  3. Security work was primarily Outsourced

  4. Limited hands-on, technical work

  5. 5   Security  Program  Update   Chasing Fires

  6. Way too many meetings

  7. 7   Security  Program  Update   Too Much Too Fast

  8. Does this sound familiar?

  9. 9   Security  Program  Update  

  10. Our Solution: Agile Security Security  Opera6ons  Center  

  11. Goal Better communication within teams

  12. Goal New and streamlined processes between teams

  13. Goal Reduce reliance on email and meetings

  14. Goal Identify & Manage Ad Hoc work Security  Opera6ons  Center

     

  15. Goal Better estimation of tasks & projects Security  Opera6ons  Center

     

  16. Goal Clear ownership and responsibility

  17. Agile Framework

  18. Backlog A place to track all work items as small

    tasks ~30m to 2.5d

  19. Sprints Two-week period working on specific backlog tasks

  20. Daily Standup/Scrum: 15m What I did yesterday What I am

    doing today Any issues

  21. Retrospective Time to reflect and improve

  22. Unscheduled Ad Hoc incoming work requests, reviewed daily

  23. Guiding Principals

  24. Eliminate Scope Creep No new tasks in an active sprint

  25. Meet Commitments Finish everything in a sprint

  26. Team ownership •  Tasks •  Prioritization •  Details •  Estimating

    •  Scrum meeting

  27. Lean Management Just in time delivery

  28. The Results? Unscheduled Work Metrics Clear Tasks and Owners Better

    Estimation Continuous Improvement

  29. One Takeaway…

  30. Retrospective Making Good Teams Great

  31. Next Steps?

  32. We’re Hiring! Email Matt: [email protected]  

  33. Jon Rose | OWASP NYC 9.2015 Thanks!