User day

Learning from Setbacks: Pitfalls and Lessons in Scaling SAMM at a Fortune 500 Company

Sunny Sharma



Zebra Technologies
Principal Information Security Engineer, Product & Solutions Security

Abstract

Join us for a comprehensive exploration of the challenges faced during the ambitious journey of implementing the OWASP Software Assurance Maturity Model (SAMM) within a Fortune 500 company. This session will offer an honest and detailed account of the significant pitfalls encountered throughout this complex process. Despite thorough planning, the organization encountered unexpected obstacles, such as organizational resistance, difficulties integrating with existing processes, and strategic misalignments.

Initially, securing buy-in from key stakeholders proved challenging, highlighting the crucial need for early engagement and effective communication. Furthermore, integrating SAMM into existing workflows exposed unforeseen compatibility issues that disrupted productivity and hurt team morale. These difficulties were exacerbated by an unclear initial project scope and objectives, leading to misallocated resources and project delays.

By examining these setbacks, we aim to extract valuable lessons that can inform other organizations in their software assurance endeavors. Attendees will gain insights into the corrective actions necessary to realign the implementation strategy, including refining communication channels, establishing effective metrics and KPIs, adopting more adaptable integration methods, and developing a comprehensive change management plan. We will also address the cultural barriers encountered and the strategic initiatives implemented to promote a security-first mindset across diverse teams.

Ultimately, this presentation will provide attendees with a deeper understanding of the complexities involved in scaling SAMM. We will offer practical insights and strategies to help other organizations avoid similar pitfalls and navigate their own SAMM implementation journeys, ensuring a smoother transition towards enhanced software assurance and security practices.

Speaker bio

Sunny Sharma, with over a decade of experience in the security industry, serves as the Principal Information Security Engineer for Product and Solutions Security at Zebra Technologies. He leads the integration of security across Zebra’s products and solutions, managing strategy, planning, and execution of security initiatives. Working closely with engineering teams, Sunny ensures security is embedded throughout the product lifecycle, enhancing reliability and robustness. His expertise spans DevOps, DevSecOps, Product & Solutions Security, Cloud Security, Architecture, and Engineering, effectively bridging the gap between development and security. Holding a bachelor’s degree in information technologies and informatics, Sunny combines technical proficiency with leadership to drive Zebra’s mission of delivering secure, reliable products to a global audience. His innovative and collaborative approach addresses industry challenges, making him instrumental in advancing security excellence and strengthening Zebra’s technological offerings.