#securityselfie (size up your appsec program with new metrics)

Presented at BSidesSF 2017, Feb. 13, 2017, 1:30 p.m. (30 minutes)

Hacking around to find cool bugs is one thing; securing a codebase is another. How do you measure the overall effectiveness of your application security work? Focus inward to take a security snapshot using data that you may not realize you already have. This talk proposes several approaches for generating metrics that measure and improve your appsec work, from monitoring bug-bounty operational health to incentivizing long-term secure framework bets. Come hear how data is applied to secure the systems and code that power Facebook, WhatsApp, Instagram, and Oculus. There will be science. There will be code. You will learn new ways to use concrete numbers to assess the beautiful craft that is security engineering.

Presenters:

• Jim O'Leary - Security Engineering Manager - Facebook
  Jim O'Leary (@jimio) works on Facebook's product-security team; he delights in short biographies.

Links:

• https://bsidessf2017.sched.com/event/9IL3/securityselfie-size-up-your-appsec-program-with-new-metrics

Similar Presentations:

• BSidesLV 2017 / How to make metrics and influence people
• BSides Austin 2016 / Taking AppSec to 11: AppSec Pipelines, DevOps and Making Things Better
• AppSec USA 2016 / AppSec++ Take the best of Agile, DevOps and CI/CD into your AppSec Program