Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
170
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
520
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Rich Internet Application Security
jonrose
2
94
Dynamic App Patching
jonrose
2
69
Cloudy with a chance of 0-day
jonrose
1
74
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
200
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
140
CodeSearch0day
jonrose
1
64
Other Decks in Technology
See All in Technology
OpenTelemetry が拡げる Gemini CLI の可観測性
phaya72
2
2.2k
HonoとJSXを使って管理画面をサクッと型安全に作ろう
diggymo
0
170
まだ間に合う! 2025年のhono/ssg事情
watany
3
630
デザインとエンジニアリングの架け橋を目指す OPTiMのデザインシステム「nucleus」の軌跡と広げ方
optim
0
100
AIエージェント入門 〜基礎からMCP・A2Aまで〜
shukob
1
170
FinOps について (ちょっと) 本気出して考えてみた
skmkzyk
0
210
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
難しいセキュリティ用語をわかりやすくしてみた
yuta3110
0
380
知覚とデザイン
rinchoku
1
520
Behind Postgres 18: The People, the Code, & the Invisible Work | Claire Giordano | PGConfEU 2025
clairegiordano
0
110
CREが作る自己解決サイクルSlackワークフローに組み込んだAIによる社内ヘルプデスク改革 #cre_meetup
bengo4com
0
320
現場の壁を乗り越えて、 「計装注入」が拓く オブザーバビリティ / Beyond the Field Barriers: Instrumentation Injection and the Future of Observability
aoto
PRO
1
250
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
65
7.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
Navigating Team Friction
lara
190
15k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
Documentation Writing (for coders)
carmenintech
75
5.1k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
RailsConf 2023
tenderlove
30
1.3k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Learning to Love Humans: Emotional Interface Design
aarron
274
41k
Optimising Largest Contentful Paint
csswizardry
37
3.5k
Why Our Code Smells
bkeepers
PRO
340
57k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!