
Building a Security Initiative - Experience and BSIMM Measurement from the Field

Our February meetup features an old friend of the OWASP chapter and an interesting presentation. As always, we'll be providing food and drinks.

Abstract: The Building Security In Maturity Model (or BSIMM)

BSIMM observes and measures what firms' software security initiatives are actually doing. John, who has helped several firms build or improve their security initiatives, will share sometimes surprising data about security initiatives big and small. His presentation will focus on what activities organizations use to "boot" security initiatives and which they presently focus on.

BIO - John Steven, Internal CTO
John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction to many multi-national corporations, and his keen interest in automation keeps Cigital technology at the cutting edge. Follow John on Twitter


  • Gurvinder S.

    I recently moved to DC Area and would love to get a copy of the presentation from how to get an appsec group started and ideas on how to create a culture of appsec started.

    February 9, 2014

  • Sean

    Agreed! John did a great job really keeping the conversation broad across the various facets of getting an appsec group off the ground (and how to leverage the knowledge set in BSIMM). I didn't chime in after one of the early questions, but someone asked about how you can get an appsec group started. One tip is to write a charter (lightweight or heavyweight, depending upon how your organization rolls), and when you find a critical vulnerability or one is exploited in production and management asks how this can be prevented, you can whip out your charter and likely get some initial funding/support. I've seen that work in a real world scenario. Be ready for the "AppSec Golden Opportunity" and strike while the iron is hot. Good luck!

    February 7, 2014

  • Mark B.

    Excellent presentation on BSIMM. John was fantastic and wish we had more time to hear his parables. I feel empowered to know the answer to the ultimate question of life, the universe, and everything is "PANTS!"

    February 6, 2014

  • Jack M.

    It's that time of the month again where I ask people who don't plan to attend to change their RSVP status. Our food and drink purchases are based on the number of people we expect to attend.

    February 5, 2014

Our Sponsors

  • Blue Canopy

    Blue Canopy is hosting the meetup and providing food and drinks.
