Agile Security
Jon Rose
September 09, 2015
A story about becoming agile.
Transcript
This is a story about becoming Agile
Jon Rose | OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
Security Program Update
Chasing Fires
Way too many meetings
Too Much Too Fast
Does this sound familiar?
Our Solution: Agile Security
Security Operations Center
Goal: Better communication within teams
Goal: New and streamlined processes between teams
Goal: Reduce reliance on email and meetings
Goal: Identify & Manage Ad Hoc work
Goal: Better estimation of tasks & projects
Goal: Clear ownership and responsibility
Agile Framework
Backlog: A place to track all work items as small tasks ~30m to 2.5d
Sprints: Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m • What I did yesterday • What I am doing today • Any issues
Retrospective: Time to reflect and improve
Unscheduled: Ad Hoc incoming work requests, reviewed daily
Guiding Principles
Eliminate Scope Creep: No new tasks in an active sprint
Meet Commitments: Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating • Scrum meeting
Lean Management: Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better Estimation Continuous Improvement
One Takeaway…
Retrospective: Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!