AppSec as a Habit

Nariman AGA-TAGIYEV
Dassault Systemes
Application Security Architect
Abstract
Application security isn’t just about policies and tools—it’s about habits. How can we ensure that security activities like threat modeling, secure code reviews, and vulnerability management become second nature for development teams? In this talk, we’ll explore how Charles Duhigg’s Habit Loop can be applied to embed security into daily workflows. We’ll break down how to design effective security cues, establish repeatable security routines, and reinforce habits with meaningful rewards. Using real-world examples, attendees will learn practical strategies to integrate security seamlessly into software development—without adding friction or overwhelming teams. Join this session to discover how behavioral science can turn security best practices into lasting habits!
Speaker bio
Nariman Aga-Tagiyev is an Application Security Architect with over two decades of experience in software development. Over the course of his career, Nariman has worn multiple hats, serving as a full stack web application developer, backend developer, DevOps engineer, and cloud developer. However, since 2016, his focus has been exclusively dedicated to the realm of Application Security and advancing Software Security Development Life Cycle (SSDLC) maturity. Since 2024, he has been a member of the OWASP SAMM project core team.