Robert and I are joined today by Matt Clapham. Matt “makes products more secure” I mean, hey, his Twitter handle is @ProdSec.

The topic of this interview is what Matt calls development security maturity. This concept is based on Matt’s research and his talk at RSA. Matt created a simple process to measure the maturity of development security by looking at five key behaviors. We cover the what and why of development security, the five key behaviors, and scoring and reporting. In conclusion, we discuss how to make the results of an assessment actionable.

Matt’s RSA slides are a great resource to review in conjunction with the interview: str-w05-estimating-development-security-maturity-in-about-an-hour-final.pdf

Bio: Matt Clapham makes products more secure. His career is a rare blend of both product development and enterprise operations. He is currently a Principal of Product Development Security at GE Healthcare. Matt previously worked as a Software Tester, IT Policy Author, and Security Advisor to all things games at Microsoft. He is familiar with the security foibles of the Industrial Device Internet of Things and how to overcome them. Matt is a frequent speaker and author of magazine articles on IT, security, games, or some combination thereof. He holds degrees in engineering and music from the University of Michigan.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~