Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
160
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
510
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
64
Cloudy with a chance of 0-day
jonrose
1
68
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
190
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
51
Other Decks in Technology
See All in Technology
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
マイクロサービスにおける容易なトランザクション管理に向けて
scalar
0
140
日本版とグローバル版のモバイルアプリ統合の開発の裏側と今後の展望
miichan
1
130
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
160
宇宙ベンチャーにおける最近の情シス取り組みについて
axelmizu
0
110
サーバレスアプリ開発者向けアップデートをキャッチアップしてきた #AWSreInvent #regrowth_fuk
drumnistnakano
0
200
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
0
200
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
260
C++26 エラー性動作
faithandbrave
2
760
組織に自動テストを書く文化を根付かせる戦略(2024冬版) / Building Automated Test Culture 2024 Winter Edition
twada
PRO
17
4.6k
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
ブラックフライデーで購入したPixel9で、Gemini Nanoを動かしてみた
marchin1989
1
540
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.1k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
The Pragmatic Product Professional
lauravandoore
32
6.3k
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
Why Our Code Smells
bkeepers
PRO
335
57k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Imperfection Machines: The Place of Print at Facebook
scottboms
266
13k
Building Your Own Lightsaber
phodgson
103
6.1k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!