Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
170
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
520
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Rich Internet Application Security
jonrose
2
94
Dynamic App Patching
jonrose
2
69
Cloudy with a chance of 0-day
jonrose
1
74
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
200
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
140
CodeSearch0day
jonrose
1
64
Other Decks in Technology
See All in Technology
リーダーになったら未来を語れるようになろう/Speak the Future
sanogemaru
0
270
Geospatialの世界最前線を探る [2025年版]
dayjournal
3
480
VCC 2025 Write-up
bata_24
0
170
多野優介
tanoyusuke
1
280
AI時代だからこそ考える、僕らが本当につくりたいスクラムチーム / A Scrum Team we really want to create in this AI era
takaking22
6
3k
Railsアプリケーション開発者のためのブックガイド
takahashim
14
6k
Pythonによる契約プログラミング入門 / PyCon JP 2025
7pairs
5
2.5k
FastAPIの魔法をgRPC/Connect RPCへ
monotaro
PRO
1
700
いま注目しているデータエンジニアリングの論点
ikkimiyazaki
0
580
「技術負債にならない・間違えない」 権限管理の設計と実装
naro143
35
11k
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
330
Pure Goで体験するWasmの未来
askua
1
170
Featured
See All Featured
Speed Design
sergeychernyshev
32
1.1k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Practical Orchestrator
shlominoach
190
11k
A Modern Web Designer's Workflow
chriscoyier
697
190k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.4k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!