Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
160
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
500
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
63
Cloudy with a chance of 0-day
jonrose
1
67
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
180
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
51
Other Decks in Technology
See All in Technology
ネット広告に未来はあるか?「3rd Party Cookie廃止とPrivacy Sandboxの効果検証の裏側」 / third-party-cookie-privacy
cyberagentdevelopers
PRO
1
130
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
Forget efficiency – Become more productive without the stress
ufried
0
150
顧客が本当に必要だったもの - パフォーマンス改善編 / Make what is needed
soudai
24
6.8k
Fargateを使った研修の話
takesection
0
120
【技術書典17】OpenFOAM(自宅で極める流体解析)2次元円柱まわりの流れ
kamakiri1225
0
220
Figma Dev Modeで進化するデザインとエンジニアリングの協働 / figma-with-engineering
cyberagentdevelopers
PRO
1
430
10分でわかるfreeeのQA
freee
1
3.4k
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
180
ガチ勢によるPipeCD運用大全〜滑らかなCI/CDを添えて〜 / ai-pipecd-encyclopedia
cyberagentdevelopers
PRO
3
210
新R25、乃木坂46 Mobileなどのファンビジネスを支えるマルチテナンシーなプラットフォームの全体像 / cam-multi-cloud
cyberagentdevelopers
PRO
1
130
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Imperfection Machines: The Place of Print at Facebook
scottboms
264
13k
Speed Design
sergeychernyshev
24
570
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
Into the Great Unknown - MozCon
thekraken
31
1.5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Done Done
chrislema
181
16k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.6k
GraphQLとの向き合い方2022年版
quramy
43
13k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
Agile that works and the tools we love
rasmusluckow
327
21k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!