Name: Rethinking Security Metrics Through the Lens of Cognitive Load
Start: 2025-09-17T12:00:00-04:00
End: 2025-09-17T13:00:00-04:00

When we talk about measuring security culture, we describe the **positive impacts that people have** on the security posture of the company. As security leaders, we’re asked to demonstrate that our initiatives like training, Security Champion programs, and SDL have clear benefits. But **are we considering the cognitive cost of our programs**? Every dashboard goal, every “shift left” security integration, and every expectation placed on engineering teams adds to their mental workload, and that load, when unmanaged, silently derails even the most well-intentioned efforts.

This talk presents practical examples for designing **security culture metrics** that are both impactful and human-aware. At the core is a behavioral science principle often overlooked in security design: **cognitive load theory**—and how this tool can be used to craft realistic metrics that take the human element into account.

Kelly Santalucia

Jerry Hoff

OWASP Virtual Chapter

OWASP® Foundation 

Technology

Open Source

Network Security

Application Security

Web Security

Cloud Security

Computer Security

Cybersecurity

Web Application Security

Penetration Testing

Software Security

Computer & Information Network Security

Information Security

**Marisa Fagan** is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Synopsys. Salesforce, Bugcrowd, and Facebook. Since 2024, she has been a contributor to the OWASP Security Champions Guide Project and Track Lead for the OWASP AppSecGlobal Conferences. She lives in San Francisco, CA, USA.

**Juliane Reimann** is a Founder & Security Community Expert @ FullCyrcle Security. She has worked as a cyber security consultant for large companies since 2019 with focus on DevSecOps and Community Building. Her expertise includes building security communities of software developers and establishing developer centric communication about secure software development topics. Before going into the field of Cyber Security she founded different companies in the area of web development. Due to her background in web development she has extensive knowledge of the software development life cycle. Since 2024, she has been a core member of the OWASP Security Champions Guide Community.






Marisa Fagan & Juliane Reimann

Rethinking Security Metrics Through the Lens of Cognitive Load

Online event

Share this event

Rethinking Security Metrics Through the Lens of Cognitive Load

Details