Agile Security
Jon Rose
September 09, 2015
A story about becoming agile.
Transcript
This is a story about becoming Agile
Jon Rose | OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
Too Much Too Fast
Does this sound familiar?
Our Solution: Agile Security Security Operations Center
Goal: Better communication within teams
Goal: New and streamlined processes between teams
Goal: Reduce reliance on email and meetings
Goal: Identify & Manage Ad Hoc work
Goal: Better estimation of tasks & projects
Goal: Clear ownership and responsibility
Agile Framework
Backlog: A place to track all work items as small tasks (~30m to 2.5d)
Sprints: Two-week period working on specific backlog tasks
Daily Standup/Scrum (15m): What I did yesterday • What I am doing today • Any issues
Retrospective: Time to reflect and improve
Unscheduled: Ad Hoc incoming work requests, reviewed daily
Guiding Principles
Eliminate Scope Creep: No new tasks in an active sprint
Meet Commitments: Finish everything in a sprint
Team ownership: • Tasks • Prioritization • Details • Estimating • Scrum meeting
Lean Management: Just in time delivery
The Results? Unscheduled Work Metrics • Clear Tasks and Owners • Better Estimation • Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!