We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Why Security Initiatives Are Doomed to Fail & What You Can Do About It • Josh Armitage • YOW! 2023
Discover why security initiatives often fail and learn how to overcome common pitfalls by understanding the system and its constraints, and applying the theory of constraints to improve security workflows.
- Security initiatives are doomed to fail without understanding the system and its constraints.
- Constraints dictate the speed of security work, not the teams.
- A constraint is always outside the security team, often due to dependencies or other factors.
- Security is about influence, not execution.
- Security work is often done in addition to other tasks, without understanding the constraints.
- There are only four kinds of work: done, in progress, waiting, and dependency.
- The concept of the “constraint” is crucial in understanding workflow and applying the theory of constraints.
- Security teams are often dealing with others’ debt, and predicting the impact is hard.
- Improving security requires understanding the work shape, not just the size.
- It’s essential to prioritize and focus on the most critical parts of the workflow.
- Look for patterns and trends in the data to identify the constraints.
- Don’t fall into the trap of trying to optimize the wrong part of the system.
- Elevation of the constraint is crucial for improving workflow and security.
- The theory of constraints can help us understand and improve security workflows.
- Fixing vulnerabilities is often an iterated process, and the constraint sets the speed.
- Chasing predictability is essential for security, and understanding the work shape is key.
- It’s important to track and measure the time it takes to complete different types of work.
- Security teams should focus on providing value over time, not just struggling to keep up.
- There are many tools and frameworks available to help with security, but they are not a substitution for understanding the system and its constraints.
- Understanding the system and its constraints is essential for improving security.
- Security is a complex problem that requires a deep understanding of the system and its constraints.