Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
190
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
560
Builders Vs. Breakers AppSec 2012
jonrose
2
240
Rich Internet Application Security
jonrose
2
110
Dynamic App Patching
jonrose
2
100
Cloudy with a chance of 0-day
jonrose
1
100
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
220
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
160
CodeSearch0day
jonrose
1
74
Other Decks in Technology
See All in Technology
LLMやAIエージェントをソフトウェアに組み込むプラクティス
shibuiwilliam
1
260
人を動かすのは時間ではなく、納得感 〜新任EMが入社3ヶ月、組織を2回変えた話〜
kakehashi
PRO
3
200
【Claude Code】鹿野さんに聞く 私の推しの並行開発環境 大公開 / claude-code-parallel-2026-07-15
tonkotsuboy_com
9
4.6k
知らん間に、回ってる
ming_ayami
0
380
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
370
アカウントが増えてからでは遅い? ~ マルチアカウント統制の勘所 ~
kenichinakamura
0
220
product engineering with qa
nealle
0
160
しぶいSRE: サーバから見えない障害にどう向き合うか。ラストワンマイルのデバッグ実践 / Shibui SRE
kanny
13
5.8k
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
770
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
210
AIに「使われる」時代のSaaS戦略 〜既存WebAPIのMCPサーバー化における開発ノウハウ〜
ekispert_api
0
310
Foxgloveについて 実際にExtensionを開発して公開するまでの話 / About Foxglove: The Story of Developing and Releasing an Extension
ry0_ka
0
190
Featured
See All Featured
How to Think Like a Performance Engineer
csswizardry
28
2.7k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
220
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
600
First, design no harm
axbom
PRO
2
1.2k
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
460
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
460
The Limits of Empathy - UXLibs8
cassininazir
1
410
RailsConf 2023
tenderlove
30
1.5k
Imperfection Machines: The Place of Print at Facebook
scottboms
270
14k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
370
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!