Utilising Agile and LEAN Concepts to Run an Effective Security Team
Post on 05-Feb-2018
#RSAC
Session ID: SDS1-F04
Ben Doyle
CISO, Asia Pacific, Thales

Standup Agenda
Keep it short with a well-defined agenda
Long conversations get kicked out to a different meeting later
1 minute - Operational Health of Security Systems
2 minutes - Review daily reports
2 minutes - Malware threats in last 24 hours
2 minutes - Network threats in last 24 hours
2 minutes - Open Source Threat News in last 24 hours
Meeting set at 9:45 each morning for 15 minutes
As long as all information is prepared then it’s easy to fit everything in

JIRA – First Steps
Use Jira as a project/task management tracking system
Group small tasks into Stories which may be part of a larger Epic
— Test and Deploy latest AV engine (task)
— Anti-Virus Endpoint Software Maintenance (story)
— End-Point Security Management (epic)
This allowed us to stop forgetting about things that needed to be done.
No priority was planned on what was done each week, we just used Jira to track it

JIRA – Second Step
Plan to move to sprints so we can define what we want to complete every 2 weeks
Requires focus on working on sprint tasks every day
Three months before starting sprints I asked the team to define at the stand-up meeting each day the one thing they would complete that day.
This is about building a habit
After 3 months we started to populate 2-week sprints with tasks we thought we could achieve

Sprint – Burn Down Graphs
185 issues/tasks created since the start
115 issues/tasks closed since the start

LEAN – Next Evolution

Yearly Objectives
Why people don’t find yearly objectives of value
Objectives don’t reflect reality by the end of the year
Unplanned business projects consume all the time
No planning on how and when to implement the objectives
Employees cannot see how their objectives link to company strategy
Value of objectives reduces because the failed outcome is the same each year
Hoshin Kanri provides a structure to tie employee milestones to management milestones, to company strategy

[Figure: Team Managers Objectives; Team Member 3 Objectives]

Hoshin Outcomes
Hoshin process added structure to the yearly objective settings
Team members found more value in understanding how activities linked together
Must use process in anger to gain understanding
Can be frustrating at first
One remaining missing piece to puzzle
How do you link objectives to Sprints in Jira?

[Figure: diagram labelled STRATEGY, OBJECTIVES, GOALS, TASKS, SPRINTS]

Apply What You Have Learned Today
Next week you should:
  Start doing a daily standup (just start; the agenda can evolve)
In the first three months following this presentation you should:
  Consider how you give the team visibility of all tasks
  Consider if you can organise tasks into sprints to prioritise completion.
Within six months you should:
  Map your team's objectives to a yearly schedule for implementation
  Organise, at a minimum, quarterly objective reviews

Thank You!