STAREAST 2022 Concurrent Session: Enhance AppSec Maturity and Outcomes Using DevSecOps Metrics


Thursday, April 28, 2022 - 3:00pm to 4:00pm

Enhance AppSec Maturity and Outcomes Using DevSecOps Metrics

Building a mature AppSec program is critical to the success of any product in managing the most vulnerable areas of the application. How can we ensure that the DevSecOps pipeline implemented is working effectively? The paper answers this question by highlighting the key measures for every CISO to monitor and track the effectiveness of AppSec maturity.
Outcomes were measured by tracking 6 key metrics that validate whether DevSecOps is successfully implemented. When done right, DevSecOps goes well beyond “shifting security left” to “shifting security everywhere,” ensuring the application is secure in development, in delivery and in production. Integrating security into the DevOps pipeline brings faster delivery and an improved security posture, enabling greater overall business success.
This paper will discuss real-world scenarios and answer the following questions that greatly benefit the audience:
• How do Developers, Testers and Ops teams work together to protect security?
• How can DevSecOps be adopted for both Legacy and Digital applications?
• How is Pen Testing different from SAST and DAST?
• What are the top 6 metrics every CISO must implement?


Suresh Chandra Bose, Ganesh Bose is a Senior Manager - Consulting at the Cognizant Business Consulting practice. Suresh is an accredited Lead Assessor from the TMMi Foundation and has been in the IT industry for more than 23 years, with vast consulting experience in various industries. He has executed strategic initiatives for many Fortune 100 companies across the globe in the areas of PMO, PPM, Process Consulting, Program Management, TMMi Assessment/Implementation, Organization Strategy, Test Consulting and CIO/Governance Dashboard/Metrics.

Suresh holds 21 international certifications in IT and speaks at numerous international conferences, such as the American Society for Quality (ASQ) Innovation Conference, Docker Community with JFrog, 8.8 Computer Security Conference, American Software Testing Qualifications Board (ASTQB), DevOps Days, DevSecOps Days and the Pacific Northwest Software Quality Conference (PNSQC). Suresh has been part of the selection and review panel for a leading software conference.