Lean Security

Explore lean security principles in this 42-minute LASCON conference talk by Ernest Mueller. Learn how to align security practices with Lean, DevOps, and Continuous Delivery philosophies to enhance organizational speed and efficiency. Discover strategies for implementing attack-driven approaches to software delivery pipelines, increasing transparency and visibility across the organization. Gain insights into defensive systems thinking to reshape the attack landscape while working in harmony with business functions. Understand emerging Lean, Agile, and DevOps techniques, acquire organizational strategies to bridge DevOps and security, and learn to apply effective detection and monitoring through real-world examples. Examine common security challenges and misconceptions, and discover how adopting lean security principles can transform security from a bottleneck to a valuable, integrated process that supports business objectives while efficiently managing risks.

Intro
WHAT ARE THE CHALLENGES THAT AGILE / DEVOPS / LEAN POSE TO INFOSEC?
INSTEAD, EXAMINE HOW ADOPTING THESE STRATEGIES CAN HELP YOU WIN
LEAN SECURITY IS FOR WINNERS
SECURITY IS JUST BEANCOUNTING
WE TRADED ENGINEERING FOR ACTUARIAL DUTIES
A SECURITY MANAGEMENT SYSTEM PROVIDES OPTIMAL VALUE TO THE ORGANIZATION FIE ACTIVELY SUPPORTS ACHIEVING THE BUSINESS AND COMPLIANCE OBJECTIVES OF THE ORGANIZATION (THE VARIABLE PART) IS AN EFFICIENT, ABLE AND INTEGRATED PROCESS, CAPABLE OF DEALING WITH A DYNAMIC THREAT ENVIRONMENT CONSUMES MINIMAL TIME AND RESOURCES RESULTS IN ADEQUATELY MANAGED SECURITY RISK, IN LINE WITH THE RISK APPETITE OF THE ORGANIZATION PROVIDES ONLY THE NECESSARY, YET ADEQUATE, USER FRIENDLY, EFFICIENT AND MEASURABLE SECURITY CONTROLS
SECURITY IS A BOTTLENECK
UNDERSTAND THE WASTE THAT YOU GENERATE
SECURITY IS INVISIBLE
SECURITY PROFESSIONALS ARE QUICK TO SAY SECURITY IS EVERYONE'S JOB
SECURITY IS ALWAYS TOO LATE
CEASE DEPENDENCE ON MASS INSPECTION TO ACHIEVE QUALITY. IMPROVE THE PROCESS AND BUILD QUALITY INTO THE PRODUCT IN THE FIRST PLACE.'
SECURITY IS ALWAYS IN THE WAY
SECURITY IS PERFECTIONIST AND IS THEREFORE UNREALISTIC
SECURITY IS YOUR PRODUCT
QUESTIONS?