Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Jon Rose
September 09, 2015
Technology
190
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
560
Builders Vs. Breakers AppSec 2012
jonrose
2
240
Rich Internet Application Security
jonrose
2
110
Dynamic App Patching
jonrose
2
100
Cloudy with a chance of 0-day
jonrose
1
100
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
220
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
160
CodeSearch0day
jonrose
1
74
Other Decks in Technology
See All in Technology
[AWS Summit Japan 2026]迷っているあなたへ_小さな一歩が、やがて自分を助けてくれる
sh_fk2
2
420
事業会社における 機械学習・推薦システム技術の活用事例と必要な能力 / ml-recsys-in-layerx-wantedly-2026
yuya4
0
160
10年間のブログ発信を振り返って見えたWebアプリケーションエンジニアとしての軌跡
stefafafan
0
190
時期が悪い!それでもRaspberry Piを買って遊んで活用するには / 20260627-osc26do-rpi-jikigawarui
akkiesoft
1
880
初めてのDatabricks勉強会
taka_aki
2
170
不要なレビューをAIにまかせて AIコーディングの環境改善を加速した
shoota
1
270
ぼっちではじめた登壇が「51名」「241件」の発信に化けた
subroh0508
1
330
気軽に使える"情報のハブ"としてのNotion活用 〜フロー情報の集積点 と、 Claude Code × Notion AI〜
syucream
1
210
AWS Security Agent といっしょに脅威モデリングをやってみよう
amarelo_n24
1
210
AI-DLCを “そのまま導入しなかった”話 ~組織に合わせてアジャストした 私たちの実践共有~
hiroramos4
PRO
1
440
Oracle Cloud Infrastructure:2026年6月度サービス・アップデート
oracle4engineer
PRO
1
360
ご挨拶「10周年を迎える共創ラボのこれまでとこれから」
iotcomjpadmin
0
140
Featured
See All Featured
Discover your Explorer Soul
emna__ayadi
2
1.1k
Mobile First: as difficult as doing things right
swwweet
225
10k
Game over? The fight for quality and originality in the time of robots
wayneb77
1
210
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
250
Music & Morning Musume
bryan
47
7.2k
Balancing Empowerment & Direction
lara
6
1.2k
Code Reviewing Like a Champion
maltzj
528
40k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
400
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
210
Exploring anti-patterns in Rails
aemeredith
3
430
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.6k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!