Minutes for the Security Team's Q3 2022 (January to March 2022) Quarterly Work Estimates
Attending: MMartorana, MStyles, SBassett
This a quarterly estimate of work allocations for members of the Application Security Team. These incorporate all types of work, from recurring operational activities to OKRs, 20% time and work done in our "spare time". These estimates should serve as a high level overview of "what is the AppSec Team working on this quarter?", which can otherwise be a bit difficult to parse with many separate sources of record: Phabricator, Gerrit, Betterworks, Know Your Team, Random Google docs, Random conversations with managers, etc.
Work
|
Time Spent, Est
|
Clinic/Security Bugs
|
5%
|
Security Release
|
5%
|
AppSec Pipeline
|
50%
|
AppSec Security Reviews
|
20%
|
20% Time - OSWE course study, PentesterlabPRO
|
20%
|
Work
|
Time Spent, Est
|
Clinic/Security Bugs
|
5%
|
Security Releases
|
5%
|
Pentesting Management
|
25%
|
Security Awareness
|
25%
|
AppSec Security Reviews
|
20%
|
20% Time - Security API
|
20%
|
Work
|
Time Spent, Est
|
Clinic Work/Security Bugs
|
5%
|
Security Release Work
|
50%
|
Code Quality Work
|
25%
|
20% Time - ?
|
20%
|
Work
|
Time Spent, Est
|
Clinic/Security Bugs
|
10%
|
Security Release
|
10%
|
AppSec Pipeline
|
40%
|
AppSec Security Reviews
|
20%
|
20% Time - How To Perform Review doc
|
20%
|