Cell based Structures for Security

Track: Maps and Graphs
When: Thu PM-1
Where: Larch
Organizers: Tony Richards, Simon Wardley
Participants: Francois Raynaud, Fraser Scott, Ian Taylor, Luis Saiz, Mario Platt, Naushad S, Phil Huggins, Phil Parker, Sven Schleier, Thomas Franceschini, Tony Richards, Wayne Moore
Remote Participants: Barbara Schachner

With the widespread adoption of agile development, and with more organisations organising themselves along the lines of the Spotify Model (Squads, Tribes, Chapters and Guilds), how can security functions within those organisations take advantage of Cell Based Structures to be more responsive to business needs, while incorporating the aptitudes and attitudes of Pioneers, Settlers and Town Planners to better meet those needs?

WHY

Many of the issues that businesses suffer from, from business alignment to various forms of inertia, to one-size-fits-all approaches and the perils of outsourcing, are a consequence of how we organise ourselves. Most of the time we break companies down into silos grouped around type, i.e. type of activity, practice or data. Hence we have Finance departments, IT departments and Security departments. Each of these silos consists of many activities, all at different stages of evolution. It is easy for a single department to adopt a one-size-fits-all technique that invariably creates alignment issues with other groups. “We need Security to be more efficient” will be the chant of one group whilst another declares, “We need Security to be more innovative”. The more silos of this type, the more likely that alignment issues will occur. A more effective approach (used by the Next Generation companies) is to break the organisation into cells connected by services. The cell-based approach, based around grouping components in small teams, resolves the problems of one-size-fits-all and many alignment issues. An example of this can be found in Amazon’s two-pizza model of working, in which no team is bigger than can be fed by two pizzas (12 people). Such cell-based approaches are diffusing but are still infrequent in occurrence. A two-pizza approach takes advantage of componentisation, with each group not only providing components to others but also relying on components provided by others. The components continue to evolve, and as they do so their characteristics change. This leads to a question: even if an organisation is broken down into small cells, are the right people involved?

What

  • Cell Based Structures
  • The rules of Cell Based Structures
  • Fitness functions and co-ordination criteria

Outcomes

  • Define Security Chapters and the Aptitudes expected
  • Define what is needed to co-ordinate Cell Based Security Organisations
  • Define the Fitness Functions or criteria for security cells
  • Identify the Attitudes of Security professionals across Pioneers, Settlers and Town Planners

Who

The target audience for this Working Session is:

  • CISOs
  • Security professionals
  • DevSecOps
  • Security champions
