Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Agile Security

Jon Rose
September 09, 2015
Technology
1
160

Agile Security

A story about becoming agile.

Jon Rose

September 09, 2015
Tweet

More Decks by Jon Rose

See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
510
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
65
Cloudy with a chance of 0-day
jonrose
1
68
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
190
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
54

Other Decks in Technology

See All in Technology
抽象化をするということ - 具体と抽象の往復を身につける / Abstraction and concretization
soudai
21
8.8k
プロダクトエンジニア構想を立ち上げ、プロダクト志向な組織への成長を続けている話 / grow into a product-oriented organization
hiro_torii
1
230
The Future of SEO: The Impact of AI on Search
badams
0
200
利用終了したドメイン名の最強終活〜観測環境を育てて、分析・供養している件〜 / The Ultimate End-of-Life Preparation for Discontinued Domain Names
nttcom
2
200
「海外登壇」という 選択肢を与えるために 〜Gophers EX
logica0419
0
720
エンジニアの育成を支える爆速フィードバック文化
sansantech
PRO
3
1.1k
Helm , Kustomize に代わる !? 次世代 k8s パッケージマネージャー Glasskube 入門 / glasskube-entry
parupappa2929
0
250
データマネジメントのトレードオフに立ち向かう
ikkimiyazaki
6
1k
なぜ私は自分が使わないサービスを作るのか? / Why would I create a service that I would not use?
aiandrox
0
770
人はなぜISUCONに夢中になるのか
kakehashi
PRO
6
1.7k
リアルタイム分析データベースで実現する SQLベースのオブザーバビリティ
mikimatsumoto
0
1.4k
室長と気ままに学ぶマイクロソフトのビジネスアプリケーションとビジネスプロセス
ryoheig0405
0
370

Featured

See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
A designer walks into a library…
pauljervisheath
205
24k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Designing Experiences People Love
moore
140
23k
Practical Orchestrator
shlominoach
186
10k
Visualization
eitanlees
146
15k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.6k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Building Adaptive Systems
keathley
40
2.4k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
We Have a Design System, Now What?
morganepeng
51
7.4k
Producing Creativity
orderedlist
PRO
344
39k

Transcript

  1. This is a story about becoming Agile Jon Rose |

    OWASP NYC 9.2015

  2. Previously in Security…

  3. Security work was primarily Outsourced

  4. Limited hands-on, technical work

  5. 5   Security  Program  Update   Chasing Fires

  6. Way too many meetings

  7. 7   Security  Program  Update   Too Much Too Fast

  8. Does this sound familiar?

  9. 9   Security  Program  Update  

  10. Our Solution: Agile Security Security  Opera6ons  Center  

  11. Goal Better communication within teams

  12. Goal New and streamlined processes between teams

  13. Goal Reduce reliance on email and meetings

  14. Goal Identify & Manage Ad Hoc work Security  Opera6ons  Center

     

  15. Goal Better estimation of tasks & projects Security  Opera6ons  Center

     

  16. Goal Clear ownership and responsibility

  17. Agile Framework

  18. Backlog A place to track all work items as small

    tasks ~30m to 2.5d

  19. Sprints Two-week period working on specific backlog tasks

  20. Daily Standup/Scrum: 15m What I did yesterday What I am

    doing today Any issues

  21. Retrospective Time to reflect and improve

  22. Unscheduled Ad Hoc incoming work requests, reviewed daily

  23. Guiding Principals

  24. Eliminate Scope Creep No new tasks in an active sprint

  25. Meet Commitments Finish everything in a sprint

  26. Team ownership •  Tasks •  Prioritization •  Details •  Estimating

    •  Scrum meeting

  27. Lean Management Just in time delivery

  28. The Results? Unscheduled Work Metrics Clear Tasks and Owners Better

    Estimation Continuous Improvement

  29. One Takeaway…

  30. Retrospective Making Good Teams Great

  31. Next Steps?

  32. We’re Hiring! Email Matt: [email protected]  

  33. Jon Rose | OWASP NYC 9.2015 Thanks!