Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Agile Security

Jon Rose
September 09, 2015
Technology
1
160

Agile Security

A story about becoming agile.

Jon Rose

September 09, 2015
Tweet

More Decks by Jon Rose

See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
500
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
64
Cloudy with a chance of 0-day
jonrose
1
68
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
190
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
51

Other Decks in Technology

See All in Technology
アプリエンジニアのためのGraphQL入門.pdf
spycwolf
0
100
AIチャットボット開発への生成AI活用
ryomrt
0
170
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
230
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
140
『Firebase Dynamic Links終了に備える』 FlutterアプリでのAdjust導入とDeeplink最適化
techiro
0
140
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
300
強いチームと開発生産性
onk
PRO
35
11k
複雑なState管理からの脱却
sansantech
PRO
1
160
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430

Featured

See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Facilitating Awesome Meetings
lara
50
6.1k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
430
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k

Transcript

  1. This is a story about becoming Agile Jon Rose |

    OWASP NYC 9.2015

  2. Previously in Security…

  3. Security work was primarily Outsourced

  4. Limited hands-on, technical work

  5. 5   Security  Program  Update   Chasing Fires

  6. Way too many meetings

  7. 7   Security  Program  Update   Too Much Too Fast

  8. Does this sound familiar?

  9. 9   Security  Program  Update  

  10. Our Solution: Agile Security Security  Opera6ons  Center  

  11. Goal Better communication within teams

  12. Goal New and streamlined processes between teams

  13. Goal Reduce reliance on email and meetings

  14. Goal Identify & Manage Ad Hoc work Security  Opera6ons  Center

     

  15. Goal Better estimation of tasks & projects Security  Opera6ons  Center

     

  16. Goal Clear ownership and responsibility

  17. Agile Framework

  18. Backlog A place to track all work items as small

    tasks ~30m to 2.5d

  19. Sprints Two-week period working on specific backlog tasks

  20. Daily Standup/Scrum: 15m What I did yesterday What I am

    doing today Any issues

  21. Retrospective Time to reflect and improve

  22. Unscheduled Ad Hoc incoming work requests, reviewed daily

  23. Guiding Principals

  24. Eliminate Scope Creep No new tasks in an active sprint

  25. Meet Commitments Finish everything in a sprint

  26. Team ownership •  Tasks •  Prioritization •  Details •  Estimating

    •  Scrum meeting

  27. Lean Management Just in time delivery

  28. The Results? Unscheduled Work Metrics Clear Tasks and Owners Better

    Estimation Continuous Improvement

  29. One Takeaway…

  30. Retrospective Making Good Teams Great

  31. Next Steps?

  32. We’re Hiring! Email Matt: [email protected]  

  33. Jon Rose | OWASP NYC 9.2015 Thanks!