How we embedded a security mindset within our company

1

https://www.linkedin.com/in/jimvdwaal/

My slides will become available

2

https://www.linkedin.com/in/jimvdwaal/

3

The last 4 years

• Information Analyst

•Scrum Master

• IT Project Manager

•Product Owner

4

5

17 oktober 20186

Tweedehands verkopen

Boeken Entertainment Elektronica

Klein huishoudelijk Baby Kinder- enzwangeschapskleding

Speelgoed Dier Wonen & Slapen Sieraden, Horloges & Tassen

Zakelijk verkopen via bol.comDigitaal lezen

Start in een port-a-cabin Actief in België Overname door Ahold

Logistiek via bol.combol.com app

Onbeperktlezen

Koken & tafelen

Tuin & klussen

Sport &vrije tijd

Groot huishoudelijk Mooi & Gezond Bespaar Continu

7

> €1.5 billion in revenue

> 95%brand

awareness

> 100.000 orders per day

And the security challenge it brings

8

0

200

400

600

800

1000

1200

1400

1600

1800

1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017

€ I

N M

ILL

ION

S

YEAR

Revenue

Our journey

9

In security

18

A simplified visualisation

19

Business Analysis

Information Analysis

Development Testing

Business Analysts

Product Owner

Information Analyst

Engineers Tester

A simplified visualisation

20

Business Analysis

Information Analysis

Development Testing

Business Analysts

Product Owner

Information Analyst

Engineers Tester

A simplified visualisation

21

Business Analysis

Information Analysis

Development Testing

Business Analysts

Product Owner

Information Analyst

Engineers Tester

As a successful strategy

22

Developers write code, analysts write user stories.

Hackers write hacks, analysts write abuser stories.

23

24

25

26

Example process

27

Product in basket

Checkout

Example process

28

Product in basket

Checkout

Example process

29

Product in basket

Checkout

Reserve product in stock

Example process

30

Product in basket

Checkout

Reserve product in stock

A simplified visualisation

31

Business Analysis

Information Analysis

Development Testing

By giving workshops

32

Hack Defense

Did it actually help?

33

Agility

34

Ownership

35

A very big security team.

36

37

Do It Yourself!

38

https://www.linkedin.com/in/jimvdwaal/

till next bol.com

Just ask