User day

From none to done: how to design, deploy and lead an AppSec program using SAMM in the middle of a Digital Transformation

Max Alejandro Gómez Sánchez Vergaray



Banco de Credito Peru
Cybersecurity Manager

Abstract

In the presentation I’ll tell you how I’ve designed, deployed and led an application security program using SAMM. I’ll do this by explaining:

1. How to establish a baseline and associate it with a risk profile of the organization according to assessment results.
2. How to define the organizational objective based on the reduction or mitigation of identified risks.
3. How to establish an evolutionary roadmap that takes us to the set objective, achieving improvements per quarter.
4. How to create and lead initiatives and projects that allow us to achieve the objectives set.
5. How these initiatives allow us to move from an SDLC to an S-SDLC, positively impacting the digital transformation of the company with the integration of the Sec in DevOps, turning it into DevSecOps.

Speaker bio

I’m currently dedicated to defining and directing the Cybersecurity strategy of all Software that is developed or acquired at Banco de Crédito del Perú during its Digital Transformation process; ensuring that the first-line Security units advise the Business units on the correct execution and compliance with the defined strategy. I have 9 years of experience in Cybersecurity in the financial sector, having defined and deployed the application security program successfully in addition to having trained more than 200 software development teams with around 2,100 developers, architects, security architects, security analysts and testers.