Agile Security

Transcript

1. This is a story about becoming Agile Jon Rose |

   OWASP NYC 9.2015

2. Previously in Security…

3. Security work was primarily Outsourced

4. Limited hands-on, technical work

5. 5   Security  Program  Update   Chasing Fires

6. Way too many meetings

7. 7   Security  Program  Update   Too Much Too Fast

8. Does this sound familiar?

9. 9   Security  Program  Update  

10. Our Solution: Agile Security Security  Opera6ons  Center  

11. Goal Better communication within teams

12. Goal New and streamlined processes between teams

13. Goal Reduce reliance on email and meetings

14. Goal Identify & Manage Ad Hoc work Security  Opera6ons  Center

     

15. Goal Better estimation of tasks & projects Security  Opera6ons  Center

     

16. Goal Clear ownership and responsibility

17. Agile Framework

18. Backlog A place to track all work items as small

    tasks ~30m to 2.5d

19. Sprints Two-week period working on specific backlog tasks

20. Daily Standup/Scrum: 15m What I did yesterday What I am

    doing today Any issues

21. Retrospective Time to reflect and improve

22. Unscheduled Ad Hoc incoming work requests, reviewed daily

23. Guiding Principals

24. Eliminate Scope Creep No new tasks in an active sprint

25. Meet Commitments Finish everything in a sprint

26. Team ownership •  Tasks •  Prioritization •  Details •  Estimating

    •  Scrum meeting

27. Lean Management Just in time delivery

28. The Results? Unscheduled Work Metrics Clear Tasks and Owners Better

    Estimation Continuous Improvement

29. One Takeaway…

30. Retrospective Making Good Teams Great

31. Next Steps?

32. We’re Hiring! Email Matt: [email protected]  

33. Jon Rose | OWASP NYC 9.2015 Thanks!