Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
170
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
520
Builders Vs. Breakers AppSec 2012
jonrose
2
220
Rich Internet Application Security
jonrose
2
94
Dynamic App Patching
jonrose
2
69
Cloudy with a chance of 0-day
jonrose
1
74
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
200
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
140
CodeSearch0day
jonrose
1
64
Other Decks in Technology
See All in Technology
MCPサーバーを活用したAWSコスト管理
arie0703
0
150
プロジェクトマネジメントは不確実性との対話だ
hisashiwatanabe
0
190
自治体職員がガバクラの AWS 閉域ネットワークを理解するのにやって良かった個人検証環境
takeda_h
2
360
.NET開発者のためのAzureの概要
tomokusaba
0
220
20250818_KGX・One Hokkaidoコラボイベント
tohgeyukihiro
0
130
株式会社ARAV 採用案内
maqui
0
190
なごミュ@SPAJAM2025 第二回予選
1901drama
0
120
AIドリブンのソフトウェア開発 - うまいやり方とまずいやり方
okdt
PRO
9
490
GitHub Copilot coding agent を推したい / AIDD Nagoya #1
tnir
1
2k
Observability for LLM Application lifecycle
ivry_presentationmaterials
1
210
S3のライフサイクル設計でハマったポイント
mkumada
0
100
キャリアを支え組織力を高める「多層型ふりかえり」 / 20250821 Kazuki Mori
shift_evolve
PRO
2
270
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
For a Future-Friendly Web
brad_frost
179
9.9k
Speed Design
sergeychernyshev
32
1.1k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
How to Ace a Technical Interview
jacobian
279
23k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!