Agile Security
Jon Rose
September 09, 2015
A story about becoming agile.
Transcript
This is a story about becoming Agile
Jon Rose | OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
Security Program Update
Chasing Fires
Way too many meetings
Too Much Too Fast
Does this sound familiar?
Our Solution: Agile Security
Security Operations Center
Goal: Better communication within teams
Goal: New and streamlined processes between teams
Goal: Reduce reliance on email and meetings
Goal: Identify & Manage Ad Hoc work
Goal: Better estimation of tasks & projects
Goal: Clear ownership and responsibility
Agile Framework
Backlog: A place to track all work items as small tasks, ~30m to 2.5d
Sprints: Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m • What I did yesterday • What I am doing today • Any issues
Retrospective: Time to reflect and improve
Unscheduled: Ad Hoc incoming work requests, reviewed daily
Guiding Principles
Eliminate Scope Creep: No new tasks in an active sprint
Meet Commitments: Finish everything in a sprint
Team ownership: Tasks • Prioritization • Details • Estimating • Scrum meeting
Lean Management: Just in time delivery
The Results?
Unscheduled Work Metrics Clear Tasks and Owners Better Estimation Continuous Improvement
One Takeaway…
Retrospective: Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!