We'll share a case study constructing and piloting a metrics program for secure software development in a healthcare IT company. We'll provide examples to help answer:
Why measure security in development? What do we measure and when? What does success look like? What's different in agile vs. waterfall? We'll provide examples of how to communicate performance data, incorporate feedback loops, and ultimately help leadership improve their cost-benefit decisions on security investments. The result of the session will be a set of specific tasks to measure security and a process for deciding whether you should do them.