User day

Rolling out SAMM in established and diverse corporations

speaker picture

Nariman Aga-Tagiyev



Dassault Systems
Cybersecurity Engineering Manager

Abstract

Embarking on the journey of integrating OWASP SAMM into a sprawling and multifaceted organization can be a daunting task, yet an immensely rewarding one. In this collaborative session, titled “Rolling out SAMM in established and diverse corporations” participants will engage in a dynamic exchange of insights, where my experiences will serve as a springboard for collective learning and sharing.

Rather than a traditional presentation, this session will unfold as a group collaboration, fostering an interactive environment where participants will glean firsthand insights into the strategies employed to sway decision-makers towards embracing the OWASP SAMM model. From crafting compelling narratives to demonstrating tangible ROI, we’ll uncover the keys to gaining organizational buy-in.

As in any complex task, the most difficult part is often taking the first step. We’ll explore the various options to kickstart the process, discussing how to motivate teams and cultivate a network of internal allies to champion the cause.

Furthermore, we’ll look into the consequential benefits of implementing a maturity framework within a software company. I’ll discuss how embracing SAMM can boost learning and knowledge sharing, sparking a ripple effect of heightened awareness and interest in cybersecurity across the organization.

Scaling within a diverse and expansive organization presents its own set of challenges. Together, we’ll delve into practical strategies honed through trial and error, offering insights into streamlining processes and fostering widespread adoption.

However, no journey is devoid of obstacles. Through open discussion, we’ll candidly address the lingering challenges and the ongoing quest to overcome them, underscoring the importance of resilience and adaptability in the face of adversity.

In the spirit of collaboration and mutual learning, I’ll conclude by inviting participants to share their own approaches and perspectives, fostering a dynamic exchange of ideas that enriches our collective understanding.

Join me as we unravel the roadmap from zero to hero in the realm of cybersecurity maturity through collaborative insight.

Speaker bio

Nariman Aga-Tagiyev is an Application Security Architect with over two decades of experience in software development. Over the course of his career, Nariman has worn multiple hats, serving as a full stack web application developer, backend developer, DevOps engineer, and cloud developer. However, since 2016, his focus has been exclusively dedicated to the realm of Application Security and advancing Software Security Development Life Cycle (SSDLC) maturity.