Connecting the dots: 5 lessons learned from an 8-year journey of an AppSec Program using SAMM

Max Alejandro Gómez-Sánchez Vergaray
Abstract
Steve Jobs famously said in one of his most memorable speeches, “You can’t connect the dots looking forward; you can only connect them looking backward.” In this talk, I’ll show you how that perfectly applies to an AppSec program. I’ll share the five most important lessons I learned during my eight-year journey leading the AppSec program at one of Latin America’s largest banks using SAMM.
Speaker bio
I designed and led the application security program during the digital transformation process of one of the largest banks in Latin America, training more than 3,000 people in secure software development, especially in secure design using OWASP Cornucopia and other threat modeling tools, and in DevSecOps. I’m a Cornucopia contributor, have translated the official version into Spanish, and have designed the Abuse Case Modeling methodology for playing Cornucopia.