This is the second part of Tuesday’s session, with a hands-on approach.
**Original, Part 1 description, below**
Over the past year, NetSPI has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, NetSPI developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management. In this presentation, NetSPI will provide a detailed walk-through of the overall methodology as well as OWASP’s SAMM project. We will provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs.
About Yan Kravchenko
Yan Kravchenko has over 17 years of IT and information security consulting experience, the last four with NetSPI. Most recently Yan served as the Director of IT for a $250M company. Prior to that, Yan spent seven years performing IT audits. In addition to a strong understanding of audit and compliance, Yan has a deep technical background.
Yan has specialized in the healthcare and technology fields but has also worked extensively with clients in government, education, manufacturing and agriculture. He is a founding member of the Twin Cities HITRUST SIG, which helps organizations implement the HITRUST Common Security Framework, and is a leading authority on compliance with the DEA’s Electronic Prescriptions for Controlled Substances rule. He has developed the industry’s first DEA EPCS program guide.
Yan holds a variety of certifications, including CISSP, QSA, CISA, CISM and PCIP.