We'll share a case study on constructing and piloting a metrics program for secure software development in a healthcare IT company. We'll provide examples to help answer:
Why measure security in development? What do we measure, and when? What does success look like? What's different in agile versus waterfall? We'll provide examples of how to communicate performance data, incorporate feedback loops, and ultimately help leadership improve their cost-benefit decisions on security investments. The result of the session will be a set of specific tasks to measure security and a process to decide whether you should do them.
Jared Pfost has been learning and advancing the security field for 19 years. Jared's career combines working in IT security teams and consulting with designing and shipping security software in startups and at Microsoft. Jared is a self-proclaimed process nut and has demonstrated that you don't need unlimited resources to run a measurable, accountable, and effective security shop.