Wardley Maps for Security

Track: Wardley Maps
When: Wed PM-1
Where: Montague
Organizers: Mario Platt, Tony Richards
Participants: Ben Schofield, Emma Fang, Florian Buetow, Hwee Ching Neo, Jean-Jacques MOIROUX, Nick Drage, Phil Huggins, Roger Comastorres, Simon Wardley, Yan Kravchenko
Remote Participants: Avi Douglen, Konstantinos Damianakis, Luis Servin, Vinod Anandan

Wardley Maps are very useful for mapping out strategies, along with the terrain, to advance security controls and efforts. For those not familiar with the concept, it was developed by Simon Wardley (@swardley) and has evolved into a very useful tool for prioritizing the right work at the right time to increase the odds of successfully completing a mission.

If you are interested in learning more about this tool and how to build a Wardley Map, there is great information here: Wardley Blog

Practical session on creating Wardley Maps

The DevSecOps tribe is using this format to begin an effort that helps security teams level up their security programs and share forward momentum without getting lost in minutiae.

In order to get the ball rolling, we have developed the following map to show the changing landscape for security with the emergence of DevOps, Mobile, and greater demands for security in software.

We’re completely open to feedback on this map and will continue to develop greater depth via add-on maps to further illustrate community efforts towards transforming security to meet the demands of DevOps.


Wardley Mapping resources

Atlas 2 - https://atlas2.wardleymaps.com/ You can log in with a Google account or create one, and start mapping right away. It’s not feature rich, but it is a great and quick way to start.

Creating Context-specific maturity models with Wardley Maps informed by Cynefin - https://medium.com/@chrisvmcd/mapping-maturity-create-context-specific-maturity-models-with-wardley-maps-informed-by-cynefin-37ffcd1d315 Lays out a process using “Building the right thing”, “Building the thing right” and “Building the thing fast enough”, and analyses options for investment using Cynefin to make sense of the available options.

Wardley Mapping template for Google Slides - https://docs.google.com/presentation/d/11_7D5KAgEUY3FxKg0K2whpwnC4jZOrS_TO2bpD5PV5A/edit#slide=id.g2482372f53_0_0 Great set of maps, with the summary of Doctrine and icons you can use to build your own slides in Google Slides. You can create your own copy and use it freely.

Collection of maps - https://www.pinterest.co.uk/adrianrgcampbel/wardley-maps/ A collection of maps done for different purposes and industries that you can use as inspiration or as a template to develop your own.

Plotting a path to a greener web - https://www.thegreenwebfoundation.org/news/plotting-a-path-to-a-greener-web-with-wardley-mapping/ A brilliant mapping exercise by the Green Web Foundation, which is also a great template for mapping a CI/CD environment, from its public-facing services to the systems required to build and run it.

LearnWardleyMapping.com - https://learnwardleymapping.com/#introduction Brilliant summary of Wardley mapping and its different stages, in an easy-to-use UI. Probably one of the best resources to start the journey.

Evolving a business process with Wardley mapping - http://www.abusedbits.com/2018/06/evolving-business-process-with-wardley.html Using Wardley mapping to map and improve a business process, by identifying the parts that are at initial stages of development and finding more efficient ways to address them.

Map of security practices (developed at previous Open Security Summits) - https://github.com/devsecops/wardley-maps

Further links to be provided once updates have been made to the material.

Register as participant

To register as a participant, add Wardley Maps for Security to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page
