https://github.com/OpenSecuritySummit/oss2019

title        : Wardley Maps for Security
type         : user-session    # working-session, user-session
track        : Wardley Maps
technology   :
categories   :                    # GDPR, Juice Shop, etc.
featured     :                    # review with summit team "yes"
when_day     : Tue
when_time    : PM-2
room_id      :
locked       : true
session_slack: https://os-summit.slack.com/messages/CB1HGSDHU
status       : review-content
description  : Practical session on using Wardley Maps for Security
organizers   :
    - Mario Platt
    - Tony Richards
participants :
    - Phil Huggins

Wardley Maps are very useful for mapping out strategies along with terrain to advance security controls and efforts. For those not familiar with this concept, it was developed by Simon Wardley (@swardley) and has derived into a very useful tool for prioritizing the right work at the right time to increase the odds of successfully completing a mission.

If you are interested in learning more about this tool and how to build a Wardley Map there is great information here: Wardley Blog

Practical session on creating Wardley Maps

The DevSecOps tribe is using this format to begin an effort that helps security teams to uplevel their security programs and share forward momentum without getting lost in minutia.

In order to get the ball rolling, we have developed the following map to show the changing landscape for security with the emergence of DevOps, Mobile, and greater demands for security in software.

We're completely open to feedback on this map and will continue to develop greater depth via add-on maps to further illustrate community efforts towards transforming security to meet the demands of DevOps.

![](https://github.com/devsecops/wardley-maps/raw/master/wardley-devsecops-1.0.png

(text from https://github.com/devsecops/wardley-maps)