Scrumy Security: Getting stuff done

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 2 p.m. (50 minutes)

"The Information Security professional's job is never done! Information Security teams must span the remainder of the IT organization to cover all sorts of issues, such as systems, storage, applications, network and vulnerability management, etc. They are tasked to resolve these issues and maintain high-availability with often a fraction of the staff needed. There are some estimates which show the ratio of IT to Security personnel as high as 100:3. This leads to our security team members feeling they never get anything done, which leads to burnout (a topic we continue to hear about). So what do we do? We need to find a new way to work in Information Security! A way in which we know we are resolving issues while maintaining a strong security posture and keeping high-availability on systems. At the same time, we need to have a measurable way to show our progress accomplishing these tasks. In this presentation, we will discuss how we can apply Scrum to our Information Security teams to address and resolve the mounting issues against them and how we use this methodology to get to ‘DONE’!"

Moey is a Chicago native who is a born again IT professional. After 10 years of living and breathing Info Sec, he is leading application development teams. He fights evil by daylight, looks for fun at moonlight and never runs from a real fight. He has sold and re-bought his soul more times than he cares to admit. @securitymoey
