User day

Soft Challenges, Hard Impact: Launching AppSec with OWASP SAMM


Nariman AGA-TAGIYEV



Secure Habits
Cybersecurity Architect

Abstract

Starting an application security program is rarely blocked by technology; it is most often slowed down by soft challenges such as alignment, communication, and stakeholder buy-in. OWASP SAMM offers a strong framework for structuring an AppSec strategy, but the real impact comes from how we manage people, priorities, and processes in the early stages.

This session focuses on the non-technical side of SAMM adoption. We will explore how to organize and run effective kickoff meetings, choose workshop formats that engage diverse stakeholders, and create momentum that bridges security and business goals. Real-world lessons will be shared on addressing resistance, balancing perspectives, and turning initial conversations into lasting progress.

Attendees will leave with practical techniques to tackle the soft challenges that determine success or failure, and a playbook for ensuring their AppSec program delivers hard impact with OWASP SAMM.

Speaker bio

Nariman Aga-Tagiyev is an Application Security Architect with over two decades of experience in software development. Throughout his career, Nariman has worn many hats, serving as a developer, software architect, DevSecOps engineer, and cloud architect.

Since 2016, however, he has focused exclusively on Application Security and advancing the maturity of the Software Security Development Lifecycle (SSDLC). He has led the development of AppSec programs for international corporations, including initiatives in software supply chain security, threat modeling, and Security Champions programs.