Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Agile Security
Search
Jon Rose
September 09, 2015
Technology
1
160
Agile Security
A story about becoming agile.
Jon Rose
September 09, 2015
Tweet
Share
More Decks by Jon Rose
See All by Jon Rose
Decoding Bug Bounty Programs
jonrose
1
510
Builders Vs. Breakers AppSec 2012
jonrose
2
210
Rich Internet Application Security
jonrose
2
91
Dynamic App Patching
jonrose
2
64
Cloudy with a chance of 0-day
jonrose
1
68
Deblaze - A remote method enumeration tool for flex servers
jonrose
3
190
Deblaze - A Remote Method Enumeration Tool for Flex Servers, Defcon
jonrose
2
120
CodeSearch0day
jonrose
1
51
Other Decks in Technology
See All in Technology
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
1
230
型情報を用いたLintでコード品質を向上させる
sansantech
PRO
2
120
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
成果を出しながら成長する、アウトプット駆動のキャッチアップ術 / Output-driven catch-up techniques to grow while producing results
aiandrox
0
380
プロダクト開発を加速させるためのQA文化の築き方 / How to build QA culture to accelerate product development
mii3king
1
280
UI State設計とテスト方針
rmakiyama
2
740
ずっと昔に Star をつけたはずの思い出せない GitHub リポジトリを見つけたい!
rokuosan
0
150
PHPerのための計算量入門/Complexity101 for PHPer
hanhan1978
5
270
.NET 9 のパフォーマンス改善
nenonaninu
0
1.2k
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
180
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
190
5分でわかるDuckDB
chanyou0311
10
3.3k
Featured
See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Why Our Code Smells
bkeepers
PRO
335
57k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
How to Think Like a Performance Engineer
csswizardry
22
1.2k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k
A Tale of Four Properties
chriscoyier
157
23k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.4k
How To Stay Up To Date on Web Technology
chriscoyier
789
250k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Building an army of robots
kneath
302
44k
Transcript
This is a story about becoming Agile Jon Rose |
OWASP NYC 9.2015
Previously in Security…
Security work was primarily Outsourced
Limited hands-on, technical work
5 Security Program Update Chasing Fires
Way too many meetings
7 Security Program Update Too Much Too Fast
Does this sound familiar?
9 Security Program Update
Our Solution: Agile Security Security Opera6ons Center
Goal Better communication within teams
Goal New and streamlined processes between teams
Goal Reduce reliance on email and meetings
Goal Identify & Manage Ad Hoc work Security Opera6ons Center
Goal Better estimation of tasks & projects Security Opera6ons Center
Goal Clear ownership and responsibility
Agile Framework
Backlog A place to track all work items as small
tasks ~30m to 2.5d
Sprints Two-week period working on specific backlog tasks
Daily Standup/Scrum: 15m What I did yesterday What I am
doing today Any issues
Retrospective Time to reflect and improve
Unscheduled Ad Hoc incoming work requests, reviewed daily
Guiding Principals
Eliminate Scope Creep No new tasks in an active sprint
Meet Commitments Finish everything in a sprint
Team ownership • Tasks • Prioritization • Details • Estimating
• Scrum meeting
Lean Management Just in time delivery
The Results? Unscheduled Work Metrics Clear Tasks and Owners Better
Estimation Continuous Improvement
One Takeaway…
Retrospective Making Good Teams Great
Next Steps?
We’re Hiring! Email Matt:
[email protected]
Jon Rose | OWASP NYC 9.2015 Thanks!