


The ROI of AppSec: Getting your Money's Worth from Your AppSec Program

  • Thursday, November 30th, 2017 at 1:00 PM EDT (18:00:00 UTC)
  • Jim Bird, Maria Loughlin, and Ellen Nussbaum
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.


  • Veracode



Cloud computing did more than change the focus of corporate development from homegrown software aimed at employees to customer-facing apps able to survive exposure outside the corporate perimeter.

It shifted at least some of the responsibility for application security onto development and forced development managers to not only build in security, but also to figure out how to justify costs only InfoSec had to worry about before.

Efficiency is as important in appsec as it is in cost-justifying dev tools, but there is much more involved in reaching it than simply maximizing the production of code. Knowing how much a flaw costs to fix depends on the accuracy of your point of reference as well as when the flaw is discovered, where it is, and when and by whom it is fixed, according to SANS development and financial-analysis expert Jim Bird.

Justifying appsec spending requires not only knowing how efficient a tool and process can be, but also how cost-effective they are and how that approach compares to others - questions that depend on determining levels of risk, the varying costs of remediation and, ultimately, the potential cost of a breach.

Register for this webcast and Bird will walk you through models he's built to estimate those costs. You'll learn how to use cost models to produce credible cost analyses you can use to help guide your own appsec decisions, and to help justify appsec spending in budget proposals.

Click here and you'll be among the first to receive an associated whitepaper with full analysis of the varied factors in determining the ROI of appsec by report author and SANS expert Jim Bird.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP) and a popular blogger on agile development, DevOps and software security at his blog, "Building Real Software." He is the CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Jim is an experienced software development professional and IT manager, having worked on high-integrity and high-reliability systems at stock exchanges and banks in more than 30 countries. He holds PMP, PMI-ACP, CSM, SCPM and ITIL certifications.

Maria Loughlin

Maria Loughlin is Senior Vice President of Engineering at Veracode, where she manages the development and operations of Veracode's industry-leading Application Security software. In five years she has driven substantial growth in the product portfolio and the engineering team, scaling development practices and significantly expanding the technology stack. Loughlin has over 20 years' experience leading software development at high-growth technology, SaaS and web content companies. She most recently served as VP of Engineering at Memento Security and held prior leadership positions at Kronos, Open Market and Digital Equipment Corporation. She holds a Master's degree in computer science from Brown University and a bachelor's degree in electrical engineering from University College, Cork, Ireland.

Ellen Nussbaum

Ellen Nussbaum is Senior Vice President of Services at Veracode, where she is responsible for the successful adoption of Veracode’s solutions by its customers. This includes program management, application security consulting, manual penetration testing and customer support. The majority of her career has focused on services management and delivery. Prior to joining Veracode, Nussbaum was vice president of client services, marketing and sales consulting at Fidelity Information Services, where she led the team responsible for the delivery of its Risk, Fraud and Compliance solutions. She holds an MBA degree from Harvard University and a Bachelor of Science degree in Economics from the Wharton School of the University of Pennsylvania. 


