2025-08-21 –, Room 1
Language: Spanish
Ensuring the security of an organization's digital transformation process is a major challenge! One way to achieve this is by creating an AppSec program that ensures the security of delivered digital products. In this session, I want to show you how I did it at one of the largest banks in LatAm.
In the presentation I'll tell you how I designed, deployed and led an application security program using SAMM. I'll do this by explaining every step of this beautiful but very challenging road: first, how to establish a baseline and associate it with a risk profile of the organization according to the assessment results. Then, how to define the organizational objective based on the reduction or mitigation of the identified risks, establishing an evolutionary roadmap that takes us to the set objective, achieving improvements every quarter. Subsequently, how to create and lead initiatives that allow us to achieve the objectives set. And, finally, how these initiatives allow us to move from an SDLC to an S-SDLC, positively impacting the digital transformation of the company with the integration of Sec into DevOps, turning it into DevSecOps.
I designed and led the application security program during the digital transformation process of one of the largest banks in Latin America, training more than 2,000 people in secure software development, especially in secure design using OWASP Cornucopia and other tools for threat modeling. I'm a Cornucopia contributor and have translated the official version into Spanish.