| Track: | Maps and Graphs |
|---|---|
| When: | Thu PM-1 |
| Where: | Larch |
| Organizers | Tony Richards, Simon Wardley |
| Participants | Francois Raynaud, Fraser Scott, Ian Taylor, Luis Saiz, Mario Platt, Naushad S, Phil Huggins, Phil Parker, Sven Schleier, Thomas Franceschini, Tony Richards, Wayne Moore |
| Remote Participants | Barbara Schachner |
With the widespread adoption of agile development, and with more organisations looking to organise themselves along the lines of the Spotify Model (Squads, Tribes, Chapters and Guides), how can security functions within those organisations take advantage of Cell Based Structures to be more responsive to business needs, while incorporating the aptitudes and attitudes of Pioneers, Settlers and Town Planners to better meet those needs?
Why
Many of the issues that businesses suffer from, from business alignment to various forms of inertia, to one-size-fits-all thinking, to the perils of outsourcing, are a consequence of how we organize ourselves. Most of the time we break companies down into silos grouped around type, i.e. type of activity, practice or data. Hence, we have Finance departments, IT departments and Security departments. Each of these silos consists of many activities, all at different stages of evolution. It is easy for a single department to adopt a one-size-fits-all technique that invariably creates alignment issues with other groups. “We need Security to be more efficient” will be the chant of one group whilst another declares, “We need Security to be more innovative”. The more silos of this type, the more likely it is that alignment issues will occur.
A more effective approach (used by the Next Generation companies) is to break the organization into cells connected by services. The cell-based approach, built around grouping components in small teams, resolves the problems of one-size-fits-all and many alignment issues. An example of this can be found in Amazon’s two-pizza model of working, in which no team is bigger than can be fed by two pizzas (12 people). Such cell-based approaches are diffusing but are still infrequent in occurrence.
A two-pizza approach takes advantage of componentization, with each group not only providing components to others but also relying on components provided by others. The components continue to evolve, and as they do so their characteristics change. This leads to a question: even if an organization is broken down into small cells, are the right people involved?
What
- Cell Based Structures
- The rules of Cell Based Structures
- Fitness functions and co-ordination criteria
Outcomes
- Define Security Chapters and the Aptitudes expected
- Define what is needed to co-ordinate Cell Based Security Organisations
- Define the Fitness Functions or criteria for security cells
- Identify the Attitudes of Security professionals across Pioneers, Settlers and Town Planners
Who
The target audience for this Working Session is:
- CISOs
- Security professionals
- DevSecOps
- Security champions
References
- Squads, Chapters, Tribes and Guides
- Simon Wardley – On Structure
- Notes on organisation - Aptitude and Attitude
- Pioneers, Settlers and Town Planners
- Designing for Constant Evolution