Influencing Boardroom Strategy: OWASP SAMM as a communication tool
Dag Flachet
CodificCo-founder
Abstract
We look at SAMM’S implementation from a leadership perspective. In this talk, we share some common pitfalls and strategies to overcome these. The first problem is: who should do the assessment? Someone at the business unit/ team that has all the information at hand? Or someone who is the organizational expert in SAMM and consistently scores across business units? The answer is both, but roles are to be divided in assessor and validator with a clear cyclical process. The second problem is our psychological fixation on the score. The solution is to provide a gap to target metric on which to focus. The third problem is the opaque relationship between maturity and risk. The solution lies in quantifying risk and correlating those risks with SAMM maturity scores.
Speaker bio
Dag has a doctorate in behavioral psychology and is one of the founders of Codific. He has been heavily involved with the SAMMY tool and the strategic discussion around SAMM at different organizations. He is a professor at the Geneva Business School where he has taught SAMM to managers in training and he is a member of its board of directors.