User day

Beyond the Assessment: Charting a Security Future with SAMM


Sunny Sharma



Zebra Technologies
Principal Information Security Engineer, Product and Solutions Security

Abstract

The initial SAMM assessment is just the first step on a long and rewarding journey. This presentation tells the story of how Zebra has moved “beyond the assessment” to create a sustainable, forward-looking security improvement program. We’ll briefly touch on our history with SAMM, then dive deep into our methodology for what comes next: a cycle of creating strategic roadmaps and validating progress, rather than simply reassessing. We will explore how we use risk-based target postures to focus our efforts where they matter most and how this entire process organically prepares us for demanding regulations like the EU Cyber Resilience Act. Finally, we’ll take a step back to reflect on the lessons learned so far and look forward to our vision for the future of software security, a future that is proactive, collaborative, and deeply embedded in our engineering culture.

Speaker bio

Sunny Sharma, with over a decade of experience in the security industry, currently serves as the Principal Information Security Engineer for Product and Solutions Security at Zebra Technologies. In this role, Sunny leads the strategic integration of security measures into Zebra’s products and solutions, managing the overall strategy, planning, and execution of the company’s security initiatives. He works closely with engineering teams to ensure that security protocols are seamlessly embedded throughout the product development lifecycle. Sunny’s extensive background encompasses a wide range of domains, including DevOps, DevSecOps, Product & Solutions Security, Cloud Security, Architecture, and Engineering.