Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Agile Security

Jon Rose
September 09, 2015
Technology
1
160

Agile Security

A story about becoming agile.

Jon Rose

September 09, 2015
Tweet

More Decks by Jon Rose

See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
510
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
64
Cloudy with a chance of 0-day
jonrose
1
68
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
190
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
52

Other Decks in Technology

See All in Technology
ドメイン駆動設計の実践により事業の成長スピードと保守性を両立するショッピングクーポン
lycorptech_jp
PRO
12
2.2k
embedパッケージを深掘りする / Deep Dive into embed Package in Go
task4233
1
220
AWSサービスアップデート 2024/12 Part3
nrinetcom
PRO
0
140
20250116_自部署内でAmazon Nova体験会をやってみた話
riz3f7
1
100
なぜfreeeはハブ・アンド・スポーク型の データメッシュアーキテクチャにチャレンジするのか?
shinichiro_joya
2
490
「隙間家具OSS」に至る道/Fujiwara Tech Conference 2025
fujiwara3
7
6.5k
AIアプリケーション開発でAzure AI Searchを使いこなすためには
isidaitc
0
110
メールヘッダーを見てみよう
hinono
0
110
技術に触れたり、顔を出そう
maruto
1
150
月間60万ユーザーを抱える 個人開発サービス「Walica」の 技術スタック変遷
miyachin
1
140
2025年のARグラスの潮流
kotauchisunsun
0
790
Copilotの力を実感! 3ヶ月間の生成AI研修の試行錯誤&成功事例をご紹介。果たして得たものとは・・?
ktc_shiori
0
350

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
BBQ
matthewcrist
85
9.4k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
The Language of Interfaces
destraynor
155
24k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
GraphQLとの向き合い方2022年版
quramy
44
13k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
The World Runs on Bad Software
bkeepers
PRO
66
11k
Thoughts on Productivity
jonyablonski
68
4.4k
Making Projects Easy
brettharned
116
6k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k

Transcript

  1. This is a story about becoming Agile Jon Rose |

    OWASP NYC 9.2015

  2. Previously in Security…

  3. Security work was primarily Outsourced

  4. Limited hands-on, technical work

  5. 5   Security  Program  Update   Chasing Fires

  6. Way too many meetings

  7. 7   Security  Program  Update   Too Much Too Fast

  8. Does this sound familiar?

  9. 9   Security  Program  Update  

  10. Our Solution: Agile Security Security  Opera6ons  Center  

  11. Goal Better communication within teams

  12. Goal New and streamlined processes between teams

  13. Goal Reduce reliance on email and meetings

  14. Goal Identify & Manage Ad Hoc work Security  Opera6ons  Center

     

  15. Goal Better estimation of tasks & projects Security  Opera6ons  Center

     

  16. Goal Clear ownership and responsibility

  17. Agile Framework

  18. Backlog A place to track all work items as small

    tasks ~30m to 2.5d

  19. Sprints Two-week period working on specific backlog tasks

  20. Daily Standup/Scrum: 15m What I did yesterday What I am

    doing today Any issues

  21. Retrospective Time to reflect and improve

  22. Unscheduled Ad Hoc incoming work requests, reviewed daily

  23. Guiding Principals

  24. Eliminate Scope Creep No new tasks in an active sprint

  25. Meet Commitments Finish everything in a sprint

  26. Team ownership •  Tasks •  Prioritization •  Details •  Estimating

    •  Scrum meeting

  27. Lean Management Just in time delivery

  28. The Results? Unscheduled Work Metrics Clear Tasks and Owners Better

    Estimation Continuous Improvement

  29. One Takeaway…

  30. Retrospective Making Good Teams Great

  31. Next Steps?

  32. We’re Hiring! Email Matt: [email protected]  

  33. Jon Rose | OWASP NYC 9.2015 Thanks!