Lean Security 101 began life as an exploration of how Lean Manufacturing and Agile development apply to Information Security. As a presentation, it changed over several iterations. Once it was stable, it became a comic book and was released to reach a wider audience.

Fundamentally, security success requires not only understanding the technology, but also the people involved, their processes and business goals. Lean Security 101 addresses these issues through six core principles:

  • Effectively using both what you have and what you can get for free
  • Identifying the point of diminishing return and re-allocating budget
  • Maximizing learning opportunities
  • Engaging in small, inexpensive test projects
  • Choosing custom and rational metrics to measure what matters
  • Replacing defective systems with ones that grow with you

In the end, Lean Security helps you turn security from a catch-up game into one of strategic and competitive advantage. Success in security depends on the right mix of people, technology and process. Without all three, you are doomed to failure. For more information, download your own copy:

Enter your email address to download Lean Security 101 -The Comic

You can also watch the recorded presentation given on behalf of RJS for the July 2012 meeting of OWASP: