2. I Define the future
01 What does success look like
02 Who is responsible for what
03 What are key milestones along the way
3. II Discover Code Movement
01 Know the code pipeline
02 Treat code as app infrastructure
03 Have quality control for risk reduction
4. III Inventory for Security Tools
01 Know what you own
02 Know why it was purchased/procured
03 Find out the total cost of ownership (TCO)
5. IV Assess Gaps
Pick a framework if you don’t have one
Prepare for control gaps and overlaps
Having fewer security tools lessens complexity, but balance accordingly