Our February meetup features an old friend to the OWASP chapter and an interesting presentation. As always, well be providing food and drinks.
Abstract: The Building Security In Maturity Model (or BSIMM)
BSIMM observes and measures what firms' software security initiatives are actually doing. John, who has helped several firms build or improve their security initiatives, will share sometimes surprising data about security initiatives big and small. His presentation will focus on what
activities organizations use to "boot" security initiatives and which they presently focus on.
BIO - John Steven, Internal CTO
John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction to many multi-national corporations, and his keen interest in automation keeps Cigital technology at the cutting edge. Follow John on Twitter
@m1splacedsoul.
February 9, 2014
Agreed! John did a great job really keeping the conversation broad across the various facets of getting an appsec group off the ground (and how to leverage the knowledge set in BSIMM). I didn't chime in after one of the early questions, but someone asked about how you can get an appsec group started. One tip is to write a charter (lightweight or heavyweight, depending upon how your organization rolls), and when you find a critical vulnerability or one is exploited in production and management asks how this can be prevented, you can whip out your charter and likely get some initial funding/support. I've seen that work in a real world scenario. Be ready for the "AppSec Golden Opportunity" and strike while the iron is hot. Good luck!
February 7, 2014
Excellent presentation on BSIMM. John was fantastic and wish we had more time to hear his parables. I feel empowered to know the answer to the ultimate question of life, the universe, and everything is "PANTS!"
February 6, 2014
It's that time of the month again where I ask people who don't plan to attend to change their RSVP status. Our food and drink purchases are based on the number of people we expect to attend.
February 5, 2014
Help support your Meetup
Chip in
357 Members
2,047 Google Techies and Users
2,021 Ruby enthusiasts
464 Members
1,167 Cyber Warriors
1,013 New Technologists
I decided to start Reno Motorcycle Riders Group because I wanted to be part of a group of people who enjoyed my passion... I was excited and nervous. Our group has grown by leaps and bounds. I never thought it would be this big.
— Henry, started Reno Motorcycle Riders
Meetup members, Log in
By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy
I recently moved to DC Area and would love to get a copy of the presentation from how to get an appsec group started and ideas on how to create a culture of appsec started.