SlideShare una empresa de Scribd logo
1 de 15
Fragile to Agile
On time, on budget and with acceptable risks
Bruno Motta Rego
Agenda
• Scenario.
• Classical vs Agile.
• Time, Budget & Risk.
SCENARIO
01.
Business & People
• TTM
– Move much faster, move more agile…
• Workforce are changing.
– Gen Y is overconfident in its security knowledge.
– Gen Y less sophisticated security due to cost and barriers.
THE GENERATION GAP IN COMPUTER SECURITY: A SECURITY USE SURVEY FROM GEN Y TO BABY BOOMERS
Source: 2012 Dimensional Research.
CLASSICAL VS AGILE
“WE NEED TO BE AGILE, BUT NOT FRAGILE.”
@RUGGEDSOFTWARE
02.
Classical
• Security team is involved.
• One, two or three years project cycle.
• Well-defined phases, waterfall-style.
• Service requests.
• Security is vitally important...
Agile
• Security team is engaged.
• One, two or three weeks or sprint cycles.
• Iterative, phase less.
• Continuous integration & delivery.
• Security is vitally important...
XING
• New Gens changes environment for collaboration.
• Needs emerge on each week cycle.
• Global scarcity of professionals and talents.
• Products vs headcount.
• Security is vitally important...
TIME, BUDGET & RISK
“IT’S NOT ENOUGH TO DO YOUR BEST; YOU MUST KNOW WHAT TO DO, AND THEN DO YOUR BEST”
WILLIAM EDWARDS DEMING
03.
Time Continuous Integration (CI)
• Rugged Software.
– Automated several engines security test and bug track.
• Threat Modeling - Secure Design Training.
– Architects and engineers responsible for security design.
• Amplify Inputs & Feedback Loops.
– Bug bounty program, bug track decision, quality reports.
Budget Continuous Delivery (CD)
• Improve deployment frequency.
– Spread security posture pushing security hardening
automatically.
– Automated several engines security test and bug track.
• Amplify Inputs & Feedback Loops.
– CIA self-monitor, quality reports & compliance reports.
Risk
• Amplify Inputs to Support Decisions.
– Security tests reports, quality reports & compliance
reports as vendor assessment, PCI, etc…
• Risk Evaluation, Decision and Learning.
– Engage the Privacy & Legal Teams.
– Incremental adoption of non automated process.
– Document the risks accepted and define a cycle loops.
CHALLENGES
04.
THANK YOU
Facebook, LinkedIn & Twitter
@brunomottarego
References
RSA Conference 2015
Continuous Security: 5 Ways DevOps Improves Security
David Mortman, Joshua Corman
Securing Boomers, Gen Xers, and Millennials: OMG We are so Different!
Todd Fitzgerald
Research
THE GENERATION GAP IN COMPUTER SECURITY: A SECURITY USE SURVEY
FROM GEN Y TO BABY BOOMERS
2012 Dimensional Research.
Manifesto Agile
http://www.agilemanifesto.org/

Más contenido relacionado

La actualidad más candente

The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardEnergySec
 
Improving Security Metrics
Improving Security MetricsImproving Security Metrics
Improving Security MetricsDoug Copley
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecurityDoug Copley
 
Keeping Your Data Clean
Keeping Your Data CleanKeeping Your Data Clean
Keeping Your Data CleanResolver Inc.
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...Citrin Cooperman
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber DefenseEnergySec
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID EraCitrin Cooperman
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise SecuritySymantec
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)Resolver Inc.
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber ResiliencePeter Wood
 

La actualidad más candente (20)

The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced ScorecardHow to Build Your Own Cyber Security Framework using a Balanced Scorecard
How to Build Your Own Cyber Security Framework using a Balanced Scorecard
 
Improving Security Metrics
Improving Security MetricsImproving Security Metrics
Improving Security Metrics
 
Security Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of SecuritySecurity Program Guidance and Establishing a Culture of Security
Security Program Guidance and Establishing a Culture of Security
 
Keeping Your Data Clean
Keeping Your Data CleanKeeping Your Data Clean
Keeping Your Data Clean
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk Assessment
 
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
Cybersecurity During the COVID Era
Cybersecurity During the COVID EraCybersecurity During the COVID Era
Cybersecurity During the COVID Era
 
2010 State Of Enterprise Security
2010 State Of Enterprise Security2010 State Of Enterprise Security
2010 State Of Enterprise Security
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teaming
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve Howse
 
Modern Security Risk
Modern Security RiskModern Security Risk
Modern Security Risk
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
ISTR XV
ISTR XVISTR XV
ISTR XV
 
Sect f41
Sect f41Sect f41
Sect f41
 

Similar a Fragile to Agile ... On time, on budget and with acceptable risks.

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramMichael Davis
 
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...Andrew O. Leeth
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Priyanka Aash
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Downaccenture
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsPECB
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security PractitionerAdrian Sanabria
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
BSides Vienna 2015
BSides Vienna 2015BSides Vienna 2015
BSides Vienna 2015Daniel Liber
 
ICS Cyber Security Effectiveness Measurement
ICS Cyber Security Effectiveness MeasurementICS Cyber Security Effectiveness Measurement
ICS Cyber Security Effectiveness MeasurementAleksey Lukatskiy
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdfPMIUKChapter
 
Security metrics 2
Security metrics 2Security metrics 2
Security metrics 2Manish Kumar
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 

Similar a Fragile to Agile ... On time, on budget and with acceptable risks. (20)

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Applicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit ProgramApplicaiton Security - Building The Audit Program
Applicaiton Security - Building The Audit Program
 
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 days
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile Environments
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
Agile security
Agile securityAgile security
Agile security
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
BSides Vienna 2015
BSides Vienna 2015BSides Vienna 2015
BSides Vienna 2015
 
ICS Cyber Security Effectiveness Measurement
ICS Cyber Security Effectiveness MeasurementICS Cyber Security Effectiveness Measurement
ICS Cyber Security Effectiveness Measurement
 
Shields Up Presentation.pdf
Shields Up Presentation.pdfShields Up Presentation.pdf
Shields Up Presentation.pdf
 
Security metrics 2
Security metrics 2Security metrics 2
Security metrics 2
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
 

Último

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Fragile to Agile ... On time, on budget and with acceptable risks.

  • 1.
  • 2. Fragile to Agile On time, on budget and with acceptable risks Bruno Motta Rego
  • 3. Agenda • Scenario. • Classical vs Agile. • Time, Budget & Risk.
  • 5. Business & People • TTM – Move much faster, move more agile… • Workforce are changing. – Gen Y is overconfident in its security knowledge. – Gen Y less sophisticated security due to cost and barriers. THE GENERATION GAP IN COMPUTER SECURITY: A SECURITY USE SURVEY FROM GEN Y TO BABY BOOMERS Source: 2012 Dimensional Research.
  • 6. CLASSICAL VS AGILE “WE NEED TO BE AGILE, BUT NOT FRAGILE.” @RUGGEDSOFTWARE 02.
  • 7. Classical • Security team is involved. • One, two or three years project cycle. • Well-defined phases, waterfall-style. • Service requests. • Security is vitally important...
  • 8. Agile • Security team is engaged. • One, two or three weeks or sprint cycles. • Iterative, phase less. • Continuous integration & delivery. • Security is vitally important...
  • 9. XING • New Gens changes environment for collaboration. • Needs emerge on each week cycle. • Global scarcity of professionals and talents. • Products vs headcount. • Security is vitally important...
  • 10. TIME, BUDGET & RISK “IT’S NOT ENOUGH TO DO YOUR BEST; YOU MUST KNOW WHAT TO DO, AND THEN DO YOUR BEST” WILLIAM EDWARDS DEMING 03.
  • 11. Time Continuous Integration (CI) • Rugged Software. – Automated several engines security test and bug track. • Threat Modeling - Secure Design Training. – Architects and engineers responsible for security design. • Amplify Inputs & Feedback Loops. – Bug bounty program, bug track decision, quality reports.
  • 12. Budget Continuous Delivery (CD) • Improve deployment frequency. – Spread security posture pushing security hardening automatically. – Automated several engines security test and bug track. • Amplify Inputs & Feedback Loops. – CIA self-monitor, quality reports & compliance reports.
  • 13. Risk • Amplify Inputs to Support Decisions. – Security tests reports, quality reports & compliance reports as vendor assessment, PCI, etc… • Risk Evaluation, Decision and Learning. – Engage the Privacy & Legal Teams. – Incremental adoption of non automated process. – Document the risks accepted and define a cycle loops.
  • 15. THANK YOU Facebook, LinkedIn & Twitter @brunomottarego References RSA Conference 2015 Continuous Security: 5 Ways DevOps Improves Security David Mortman, Joshua Corman Securing Boomers, Gen Xers, and Millennials: OMG We are so Different! Todd Fitzgerald Research THE GENERATION GAP IN COMPUTER SECURITY: A SECURITY USE SURVEY FROM GEN Y TO BABY BOOMERS 2012 Dimensional Research. Manifesto Agile http://www.agilemanifesto.org/

Notas del editor

  1. ON TIME. Faster builds. Fewer interruptions. More innovation.
  2. ON BUDGET. More efficient. More profitable. More competitive.
  3. ACCEPTABLE RISK. Easier compliance. Higher quality. Built-in audit protection.