Agile Security
Jon Rose
September 09, 2015
A story about becoming agile.
Transcript
This is a story about becoming Agile
Jon Rose | OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
Security Program Update
Chasing Fires
Way too many meetings
Too Much Too Fast
Does this sound familiar?
Our Solution: Agile Security Security Operations Center
Goal: Better communication within teams
Goal: New and streamlined processes between teams
Goal: Reduce reliance on email and meetings
Goal: Identify & Manage Ad Hoc work
Goal: Better estimation of tasks & projects
Goal: Clear ownership and responsibility
Agile Framework
Backlog: A place to track all work items as small tasks (~30m to 2.5d)
Sprints: Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m. What I did yesterday, what I am doing today, any issues
Retrospective: Time to reflect and improve
Unscheduled: Ad Hoc incoming work requests, reviewed daily
Guiding Principles
Eliminate Scope Creep: No new tasks in an active sprint
Meet Commitments: Finish everything in a sprint
Team ownership: Tasks, Prioritization, Details, Estimating, Scrum meeting
Lean Management: Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective: Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt: crowm@dnb.com
Jon Rose | OWASP NYC 9.2015 Thanks!