Agile Security
Jon Rose
September 09, 2015
A story about becoming agile.
Transcript
This is a story about becoming Agile
Jon Rose | OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
Security Program Update
Chasing Fires
Way too many meetings
Too Much Too Fast
Does this sound familiar?
Our Solution: Agile Security
Security Operations Center
Goal: Better communication within teams
Goal: New and streamlined processes between teams
Goal: Reduce reliance on email and meetings
Goal: Identify & Manage Ad Hoc work
Goal: Better estimation of tasks & projects
Goal: Clear ownership and responsibility
Agile Framework
Backlog: A place to track all work items as small tasks, ~30m to 2.5d
Sprints: Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m. What I did yesterday. What I am doing today. Any issues.
Retrospective: Time to reflect and improve
Unscheduled: Ad hoc incoming work requests, reviewed daily
Guiding Principles
Eliminate Scope Creep: No new tasks in an active sprint
Meet Commitments: Finish everything in a sprint
Team ownership: Tasks, Prioritization, Details, Estimating, Scrum meeting
Lean Management: Just-in-time delivery
The Results? Unscheduled Work Metrics; Clear Tasks and Owners; Better Estimation; Continuous Improvement
One Takeaway…
Retrospective: Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!