AppSec Europe 2016 has ended
Friday, July 1 • 10:20 - 11:05
Grow up AppSec: A case study of maturity models and metrics


How mature is your security practice? How do you show where your security services are weak and need to improve? We took a look at the current state of the art for security maturity models and were underwhelmed: they were either way too scientific, not scientific enough, or just didn't feel right. We wanted a way to measure the maturity of the various services in our security organization, but hated everything out there. What were we to do? Like good security researchers, we decided to invent our own and put it to the test in a large enterprise organizational setting, while also trying to convince our friends and enemies that it was the best thing ever.

This talk highlights the flaws in current maturity models and reveals a basic framework we have developed, using 7 critical measurements, to quickly assess a security program. We will talk through the pros and cons of our model, how we have adopted it, and where we see it going in the future. We will also take a specific deep dive into application-specific maturity models and metrics, with exciting graphs and dashboards, open source code and fancy executive spreadsheets freely available to all who dare to follow.

We require this to be a collaborative session, so we are anticipating and demanding feedback, criticism, praise, and drinks for our efforts – enjoy!


Jon Rose

Agile Security, Dun & Bradstreet
Jon combines the innovation of an entrepreneur with a proven ability to lead Fortune 500 companies. With over 16 years of experience launching products, securing environments, training and educating technology teams, and building agile security organizations, Jon has...

Rohini Sulatycki

Director of Security Assessments, Dun & Bradstreet
Rohini specializes in application security, application penetration testing, mobile penetration testing, virtualization security assessments, network penetration testing and security code reviews. Rohini has conducted Secure Development Training classes for clients worldwide. Rohini...

Friday July 1, 2016 10:20 - 11:05
Room D (Tiziano Ballroom Sec. 3)
