Benchmarking AppSec: A Metrics Pyramid

  • Tuesday, March 15th, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • SANS Instructor Jim Bird and Tim Jarrett
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Veracode


So you think you've assessed your applications, scanned them, patched them and reduced your vulnerabilities, but how do you know if these actions have actually improved your organizational risk profile?

In the 2015 SANS survey on application security, only 31% of respondents felt their IT security spending was adequate, while 47% of those able to assess their environments felt their programs needed improvement.

Do you measure improvement by number of breaches? Can you prove reduction in attack surface? Did you improve compliance posture and, if so, by how much? What benchmarks does management actually care about?

In this webcast, SANS instructor and application expert Jim Bird will introduce his metrics pyramid covering technical, operational and executive level benchmark requirements and resources.

Attend this webcast and be among the first to receive the associated whitepaper written by SANS Instructor Jim Bird.

View the associated whitepaper here.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP) and a popular blogger on agile development, DevOps and software security at his blog, "Building Real Software." He is the CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Jim is an experienced software development professional and IT manager, having worked on high-integrity and high-reliability systems at stock exchanges and banks in more than 30 countries. He holds PMP, PMI-ACP, CSM, SCPM and ITIL certifications.

Tim Jarrett

Tim Jarrett is senior director of enterprise security strategy at Veracode. A Grammy Award-winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.
