User day

Using OWASP SAMM to kickstart the SSDLC - Lessons learned from real-world projects

speaker picture

Thomas Kerbl

SEC Consult
Principal Security Consultant


Thomas talks about his experiences applying OWASP SAMM at different companies and discusses typical pitfalls to avoid when implementing security activities in the software development life-cycle. Aiming for a consistent maturity level across all security functions may seem appealing on paper, but in practice a more nuanced approach will help you ramping up your security posture much faster. Thomas will discuss how to use your security requirements as the backbone of secure software development and why enabling security champions is a great starting point to kickstart your SSDLC.

Speaker bio

Thomas has worked as a security consultant at SEC Consult for over 15 years. In his role as principal security consultant and team leader, he does not only lead a team of experts, but is also still involved in customer projects hands-on. Currently he is engaged in projects concerning “Secure Software Development” and “Security Architecture” where he incorporates his experiences as a former penetration tester and security requirements engineer.