This year’s three-day BSIMM Annual Conference, from October 21-23, brings a wide range of software security experts together in what is expected to be a powerhouse of workshops, presentations and guest speakers. From developing strategies to managing change, professionals from a variety of leading organizations will pool their understanding and experience to shed light on software security initiatives, including how to evolve these digital transformation efforts over time.
On the final day of the conference, Wednesday October 23rd, ZeroNorth’s own Chief Technology Officer, John Steven, will share his extensive knowledge on “What New BSIMM Activities Mean for Your Digital Transformation.” He will cite examples and data from the new BSIMM10 study he co-authored, the most recent version of the Building Security in Maturity Model announced in September of 2019. In this morning session, John will discuss the impact of DevOps on software security, including:
- How do engineering-led security cultures work in practice?
- Has DevOps culture changed what security does, how it’s done—or both?
- As an industry, are we getting any better at this?
Using concrete data pulled from over 120 highly visible organizations, including Home Depot, Wells Fargo and Aetna, John will provide a framework for companies looking to mature their security programs using best-in-class firms as a point of reference, while also offering actionable recommendations to follow.
For John, one of the most important themes to emerge from the study, as well as from research by Gartner, is growing interest in engineering-led efforts to create a security culture that collaborates across separate teams. In this way, engineering and development can drive security forward in the products they build. Organizations are also experiencing significant changes to the way they execute many existing activities, driven by cloud-native technologies and DevOps culture, and John plans to build on last year’s DevOps study by illustrating how engineering-led security initiatives differ from plain governance.
Together with other important findings, John will develop a clear picture of how organizations are conducting “software-defined security governance” in today’s landscape—and more specifically, how fresh actions and changes can alter the way digital transformation initiatives are implemented. He will cover where to start, what tools to use and/or build, and how to achieve greater impact by thinking beyond traditional engineering efforts.