Lean Security 101: Lean and Practical Approaches to Security Projects
Catch Josh More's "Lean Security 101" presentation at the Association of Information Technology Professionals, Northwest Chapter (NWAITP) meeting this September.
For years, we've been told the key to security is technology. We purchase and deploy technology to create layers behind layers, making our walls taller and taller to keep the bad guys out. Sadly, it's not working.
What does work is applying lessons learned in other industries to the security world. By examining best practices within Lean Manufacturing, Agile Development and Rugged DevOps, this presentation delivers ways you can be successful in security, not by purchasing technology, but by:
- Effectively using what you have and what you can get for free
- Re-allocating security budget from the point of diminishing return
- Identifying and maximizing learning opportunities
- Engaging in small, inexpensive test projects
- Choosing custom and rational metrics to measure what matters
- Replacing defective systems with ones that grow with you
- Turning security from a catch-up game into one of strategic and competitive advantage.
Success in security depends on the right mix of people, technology and process. Without all three, you are doomed to failure.