This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, July 1 • 10:20 - 11:05
Grow up AppSec: A case study of maturity models and metrics

Sign up or log in to save this to your schedule and see who's attending!

How mature is your security practice? How do you show where your security services are weak and need to improve? We took a look at the current state of the art for security maturity models and were underwhelmed, they were either way too scientific, not scientific enough, or just didn’t feel right. We wanted a way to measure the maturity of the various services in our security organization, but hated everything out there. What were we to do? Like good security researchers, we decided to invent our own and put them to the test in a large enterprise organizational setting, while also trying to convince our friends and enemies that it was the best thing ever. 

This talks highlights the flaws in current maturity models and reveals a basic framework we have developed, using 7 critical measurements, to quickly assess a security program. We will talk through the pros and cons of our model, how we have adopted it, and where we see it going in the future. We will also take a specific deep dive into application specific maturity models and metrics with exciting graphs and dashboards, with open source code and fancy executive spreadsheets freely available to all who dare to follow. 

We require this to be a collaborative session, so we are anticipating and demanding feedback, criticism, praise, and drinks for our efforts – enjoy!

avatar for Jon Rose

Jon Rose

Agile Security, Dun & Bradstreet
Jon has a unique combination of an innovative entrepreneur with the proven ability to lead Fortune 500 companies. With over 16 years of experience launching products, securing environments, training and educating technology teams, and building agile security organizations, Jon has a deep and wide understanding of organizational capabilities for both start-ups and large scale organizations.
avatar for Rohini Sulatycki

Rohini Sulatycki

Dun & Bradstreet
Rohini specializes in application security, application penetration testing, mobile penetration testing, virtualization security assessments, network penetration testing and security code reviews. Rohini has conducted Secure Development Training classes for clients worldwide. Rohini has been a technical reviewer and has presented at various security events including Black Hat and FROC. Rohini has served as the president of the Kansas City OWASP... Read More →

Friday July 1, 2016 10:20 - 11:05
Room D (Tiziano Ballrom Sec. 3)

Attendees (23)