Cutting Through the Noise: Mapping Security Tools and Initiatives to DSOMM for Measurable Results

John Smith
Abstract
Security teams invest heavily in tools, processes, and initiatives, yet demonstrating their actual impact remains a constant challenge. In this session, John will show how the DevSecOps Maturity Model (DSOMM) can serve as a practical framework for measuring the return on investment (ROI) of security activities by directly mapping tools, initiatives, and workflows to DSOMM capabilities.
By visualising where effort, budget, and tooling align within the DSOMM model, organisations can quickly identify gaps, overlaps, and areas of diminishing return. This approach helps teams focus on what genuinely improves maturity rather than what simply adds noise. Attendees will learn how to transform DSOMM into a decision-making system that enhances communication with stakeholders, highlights progress, and champions meaningful security improvements across engineering organisations.
Speaker bio
John Smith (yes, that really is his name) is a Security Architect who focuses on embedding security seamlessly into development workflows. He’s known for taking complex security challenges and translating them into practical, real-world solutions that engineering teams can actually use.
With more than a decade of development experience and a career that began, like many, by turning things off and on again in IT support, John is passionate about driving meaningful cultural change, enabling security initiatives that make a measurable difference, and helping organisations mature their DevSecOps practices. Hands-on by nature, he champions approaches that balance strong security with engineering velocity, clarity, and developer empathy.