MANAGING DAILY SECURITY OPERATIONS WITH LEAN AND KANBAN

Similar documents
MANAGING DAILY SECURITY OPERATIONS WITH LEAN AND KANBAN

Getting Started with Kanban Paul Klipp

Using Kanban Boards in Agile

Personal Kanban. Stop wasting your life

Designing your Kanban Board to Map your Process

What is meant by the term, Lean Software Development? November 2014

WHY KANBAN? Troy Tuttle. blog.troytuttle.com. twitter.com/troytuttle. linkedin.com/in/troytuttle. Project Lead Consultant, AdventureTech

Program & Portfolio! Management using! Kanban! Copyright 2013 Davisbase Consulting. Limited Display License Provided to ASPE

agenda AGILE AT SCALE

Kanban. A Toyota s manufacturing system for Software Development CERN EUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH. Eloy Reguero Fuentes

Lean Software Development and Kanban

Agile support with Kanban some tips and tricks By Tomas Björkholm

Lean and Kanban at Scale Extending Kanban across the portfolio, program and team levels. Al Shalloway, Net Objectives. September 4 th, 2014

Software Engineering I (02161)

Identifying & Implementing Quick Wins

IT Governance In The Cloud: Building A Solution Using Salesforce.com

Cloud Security Who do you trust?

An Introduction to Kanban for Scrum Users. Stephen Forte Chief Strategy Officer,

Scrum vs. Kanban vs. Scrumban

Assignment 1: Your Best Backlog

Con$nuous Accelera$on Accelera$ng Innova$on with So6ware Supply Chain Management Ilkka Turunen SOLUTIONS ARCHITECT EMEA / APJ

Perficient Doubles Microsoft Cloud Revenues Yearly Since 2010; Boosts Trusted Advisor Status

Transacting Partner in Microsoft Sales System. Fast Track / Onboarding Center Registered Deployment. Partner

The only person who likes change is a baby with a wet diaper. Mark Twain. Charan CA Atreya

Choosing the Right ERP Solution:

Executive Guide to SAFe 24 July An Executive s Guide to the Scaled Agile Framework.

(Dev + Ops) ITSM = Calamity

VISUAL REQUIREMENTS MANAGEMENT WITH KANBAN. Mahesh Singh Co-founder/ Sr. VP Product, Digite, Inc.

How we work. Digital Natives working methods

Migration Scenario: Migrating Batch Processes to the AWS Cloud

MTAT Software Engineering

Ten Critical Questions to Ask a Manufacturing ERP Vendor

Lean, Agile and Kanban. Mia (Maria) Nordborg Director of Customer Relations

White paper: Scrum-ban for Project Management

BLAST PAST BOTTLENECKS WITH CONSTRAINT BASED SCHEDULING

Ten Critical Questions to Ask a Manufacturing ERP Vendor

Cloud Services Catalog with Epsilon

Agile Power Tools. Author: Damon Poole, Chief Technology Officer

FOREIGN MATTER MANAGEMENT 36 QUESTION ASSESSMENT

How to Build a Service Management Hub for Digital Service Innovation

Logicalis Delivers Low-risk, Cost-effective Cloud Computing Services with CA Technologies

How To Manage A Privileged Account Management

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Lean Metrics How to measure and improve the flow of work. Chris Hefley, CEO of LeanKit. November 5 th, 2014

Sreerupa Sen Senior Technical Staff Member, IBM December 15, 2013

Agile and lean methods for managing application development process

The Agile Manifesto is based on 12 principles:

Five Tips to Achieve a Lean Manufacturing Business

A Kanban System for Sustaining Engineering on Software Systems

Business Process Management The Must Have Enterprise Solution for the New Century

Kanban A Lean approach to Agile software development

IT Portfolio Management in State Government

Moving beyond Virtualization as you make your Cloud journey. David Angradi

DARMADI KOMO: Hello, everyone. This is Darmadi Komo, senior technical product manager from SQL Server marketing.

Scrum and Kanban 101

Lean vs. Agile similarities and differences Created by Stephen Barkar -

Agile and lean methods for managing application development process

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

TEST MANAGEMENT SOLUTION Buyer s Guide WHITEPAPER. Real-Time Test Management

An enterprise- grade cloud management platform that enables on- demand, self- service IT operating models for Global 2000 enterprises

Lean manufacturing in the age of the Industrial Internet

How to Run a Successful Big Data POC in 6 Weeks

IDC US UPCOMING EVENT CALENDAR

The Lego Lean Game. Danilo Sato, Francisco Trindade XP 2009 Sardinia - Italy. 25 th May 2009

TABLE OF CONTENTS. Foreword. How to Use This Guide. Introduction. Step 1: Map Your Current Workflow. Step 2: Put Work on the Board

Kanban vs Scrum Making the most of both

IT Operations Management: A Service Delivery Primer

Agile Project Management and the Real World. Emily Lynema DLF Fall 2010 November 1, 2010

Datalogix. Using IBM Netezza data warehouse appliances to drive online sales with offline data. Overview. IBM Software Information Management

USAGE OF KANBAN METHODOLOGY AT SOFTWARE DEVELOPMENT TEAMS

WHITE PAPER. Five Steps to Better Application Monitoring and Troubleshooting

CRM Integration Best Practices

How To Compare Six Sigma, Lean and the Theory of Constraints

What is Application Lifecycle Management? At lower costs Get a 30% return on investment guaranteed and save 15% on development costs

Strategy Deployment Through Collaborative Planning. Linking the Strategy to Practical Activity

TesT AuTomATion Best Practices

Introduction to Software Kanban

ALM/Quality Center. Software

Responsible Big Data Governance: Preventing Regulatory Overreaction

Achieving Basic Stability By Art Smalley

Kanban kick- start. By Tomas Björkholm at Crisp, April 2011

How to Initiate and Sustain Lean Process Improvement

STATE OF OPENSTACK ADOPTION REPORT Industry Survey Results February 2016

CONTROL. FLEXIBILITY. PERFORMANCE.

Keeping a Healthy Product Backlog

Agile Requirements Definition and Management (RDM) How Agile requirements help drive better results

Kanban: A Process Tool. John Heintz, Gist Labs john@gistlabs.com

Iteration Planning. also called Iteration Kickoff

CONTENTS PLANNING BACKGROUND. PROCESS. GETTING STARTED.

8 Key Requirements of an IT Governance, Risk and Compliance Solution

Security Patch Management and MSMUG. Bill Cotter 3M

Bottlenecks in Agile Software Development Identified Using Theory of Constraints (TOC) Principles

BMC Control-M Workload Automation

Wonderware MES/Operations Managing the transformation of materials into finished products in real time

Continuous Improvement

Four strategies to help move beyond lean and build a competitive advantage

Implementing Practical Information Security Programs

Managing the Challenges of R12: Strategies for Upgrades and Ongoing Change Management

Implementation of Best Practices in Environmental Cleaning using LEAN Methodology. Tom Clancey and Amanda Bjorn

Transcription:

MANAGING DAILY SECURITY OPERATIONS WITH LEAN AND KANBAN Branden R. Williams (@BrandenWilliams) EVP, Sysnet Global Solutions Session ID: GRC- T01A Session Classification: General Interest

AGENDA AND OBJECTIVES Discuss Lean & Applicability Reveal Challenges with the Volume of Work Show Kanban and why it works Drink and be Merry

HOW IS AN IT/IS PERSON S DAY PRIORITIZED TODAY?

1: THE BIGGEST FIRE

2: THE LOUDEST EXECUTIVE

WHERE DOES THIS LEAD US? To the hamster wheel of pain and suffering!

The Familiar Problem We get dumped on by everyone Our work is always late We somemmes make promises that we can t deliver on We defer work that we shouldn t No one takes no for an answer We act before understanding the business Business is dissamsfied with our work

THERE MUST BE A BETTER WAY

THE GOAL, DR. ELIYAHU M. GOLDRATT Who here is an MBA? You ve probably read this! Introduces Theory of Constraints

IT SECURITY IS AN ELECTRONIC FACTORY Concepts that drive physical factories can drive IT/IS work Lean producmon in factories can teach us quite a bit about systems and types of work Physical or digital, the concepts apply universally We have inputs, WIP, and outputs Some of our inputs and outputs may not be tangible (unless printed) What is WIP? Work In Process, or work that is incomplete It is neither raw materials nor a finished product Ties up input resources and prevents useful outputs from flowing through It s the gunk in the IT/IS machine!

WHAT IS LEAN? Lean is a system that does two things: Reduce waste Improve throughput Common analogies: Manufacturing (plants) Supply chain Key differenmator: PULL system VISUALIZED work

SYSTEMS THINKING Understand the flow of work Always seek to increase flow Never unconsciously pass defects downstream Never allow local opmmizamon to cause global degradamon Achieve profound understanding of the system

WHAT IS WORK? Inputs: Dev project reviews Prep for upcoming audits Deploy security technologies Fix audit findings Migrate from virtual to cloud PrevenMve projects to elevate constraint WIP: Unfinished projects Code changes prior to deploy Uncommided changes

WHAT IS WORK? (CONTINUED) Outputs Completed projects Services running Audits complete Completed projects Happy customers

EXAMPLE: A TYPICAL TODO LIST q Prepare But budget presentamon wait. for exec staff q Approve change 35133 for Order Entry applicamon q Pull log files for PCI assessors q Create report on Microsoh Super Tuesday THERE S q Respond audit findings for SOX audit (OVERDUE) q Apply firewall rules from last change control meemngs q Review due diligence report from cloud vendor q Build MORE!! service catalog for infosec (duh) program q Research that new web adack technique: does it affect us?

EXAMPLE: A LONGER TYPICAL TODO LIST q Reach out to new internal auditor q Think about unified control strategy for compliance (3 rd year on TODO list) q Create appointment with developer, asking to stop avoiding input validamon (who is his manager?) q Find out who owns server TWX- 44-9113: is port 9050 really supposed to be open? (TOR?) q Respond to angry email from MarkeMng director: privacy regulamons aren t opmonal (!!) q Email Sarah: please take me off the physical security alert list q Read that report from external auditor: can t TL;DR any more

KANBAN What is it, and why does it work? Popularized by Taiichi Ohno (Toyota) Scheduling board for lean producmon Good: Visualizes work in a system Beder: Visualizes work FLOW THROUGH a system Outcomes: WORK GETS DONE! Work takes less Mme to complete (i.e., reduced cycle Mme, on Mme!) Beder tracking of effort and costs Find recurring work that we can automate Find work where there s too much Mme waimng or in queue Business gets what they need, when they need it Infosec becomes viewed as a reliable partner

SAMPLE KANBAN PROCESS W/WIP LIMITS READY DOING (2) DONE Add Write MS13-008 project plan to for patch new automated distribumon code deployment system Review code for Project Hoosegow, Sprint 39

WHY DOES KANBAN WORK? Work visualizamon is POWERFUL Most teams don t have good ways to see all of the work in a system It s easier when you are looking at a plant, harder when dealing with knowledge work Work taken out of the system is as important as work put into the system. Saying no signals capacity Forces re- alignment with business objecmves

WHAT WORK IS REALLY MOST IMPORTANT? Top line goals of top execumves exist for a reason Does your work align to those goals? Does it help those execumves meet those goals? If not, WHY ARE YOU DOING IT? Understand where controls exist in the business As the keeper of the IT controls, are you responsible for catching everything? What other controls exist in the business that you can leverage to avoid puqng work into the system? Or, even beder, if you idenmfy a constraint around another control, can you do work to elevate that constraint for the business?

USE CASE FOR KANBAN Managing Audit Findings Which ones are a priority? (aligned with biz objecmves) How do we report commitments up? (visualize flow) How do we take work out of the system? (don t overcommit) Latest audit finding generates massive remediamon With Lean & Kanban you will: Visualize the current backlog Work around the constraint (your one key resource) Understand what backlog impacts audit finding Automate where possible PotenMally make other adjustments to reduce workload

USE CASE FOR KANBAN (2) Code Deploys Ensuring broken code does not end up in producmon (auto- test/tdd) Reduce cycle Mme for frequent deploys (Agile) Ensure compliance with stds remains intact (system- driven) New feature proposed that impacts user experience With Lean & Kanban you will: Build out workflow (IT is a factory) Visualize work in process Automate around your constraint (upmme?) Ensure IT process flows include security checks (automated gates)

WHERE CAN I LEARN MORE?

THE PHOENIX PROJECT*

RESOURCES Gartner Risk- Adjusted Value Management Contact Paul Proctor, Chief of Research, Risk and Security, Gartner, Inc. (paul.proctor@gartner.com) Or your Gartner rep Leankit.com FREE Kanban board system, with ifuncmonality Personal Kanban By Jim Benson and Tonianne DeMaria Barry, Personalkanban.com Kanban (tougher reading, but treats enterprise problems) By David J Anderson

Starting With The Business Goals

Questions? @BrandenWilliams BrandenWilliams.com

Thank you!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information