


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The ROI of AppSec: Getting your Money's Worth from Your AppSec Program

  • Thursday, November 30, 2017 at 1:00 PM EDT (2017-11-30 18:00:00 UTC)
  • Jim Bird, Maria Loughlin, Ellen Nussbaum


  • Veracode




Cloud computing did more than change the focus of corporate development from homegrown software aimed at employees to customer-facing apps able to survive exposure outside the corporate perimeter.

It shifted at least some of the responsibility for application security onto development and forced development managers to not only build in security, but also to figure out how to justify costs only InfoSec had to worry about before.

Efficiency is as important in appsec as it is in cost-justifying dev tools, but there is much more involved in reaching it than simply maximizing the production of code. Knowing how much a flaw costs to fix depends on the accuracy of your point of reference, as well as when the flaw is discovered, where it is, and when and by whom it is fixed, according to SANS development and financial-analysis expert Jim Bird.

Justifying appsec spending requires not only knowing how efficient a tool and process can be, but also how cost-effective they are and how that approach compares to others - questions that depend on determining levels of risk, the varying costs of remediation and, ultimately, the potential cost of a breach.

Register for this webcast and Bird will walk you through models he's built to estimate those costs. You'll learn how to use cost models to produce credible cost analyses you can use to help guide your own appsec decisions, and to help justify appsec spending in budget proposals.

Click here and you'll be among the first to receive an associated whitepaper with full analysis of the varied factors in determining the ROI of appsec by report author and SANS expert Jim Bird.

Speaker Bios

Jim Bird

Jim Bird, SANS analyst and co-author of SEC540 Cloud Security & DevOps Automation, is an active contributor to the Open Web Application Security Project (OWASP), and an author of books on Agile Security and DevSecOps. He has worked at major technology organizations and financial institutions around the world in software development, operations and IT security.

Maria Loughlin

Maria Loughlin is Senior Vice President of Engineering at Veracode, where she manages the development and operations of Veracode's industry-leading Application Security software. In five years she has driven substantial growth in the product portfolio and the engineering team, scaling development practices and significantly expanding the technology stack. Loughlin has over 20 years' experience leading software development at high-growth technology, SaaS and web content companies. She most recently served as VP of Engineering at Memento Security and held prior leadership positions at Kronos, Open Market and Digital Equipment Corporation. She holds a Master's degree in computer science from Brown University and a bachelor's degree in electrical engineering from University College, Cork, Ireland.

Ellen Nussbaum

Ellen Nussbaum is Senior Vice President of Services at Veracode, where she is responsible for the successful adoption of Veracode’s solutions by its customers. This includes program management, application security consulting, manual penetration testing and customer support. The majority of her career has focused on services management and delivery. Prior to joining Veracode, Nussbaum was vice president of client services, marketing and sales consulting at Fidelity Information Services, where she led the team responsible for the delivery of its Risk, Fraud and Compliance solutions. She holds an MBA degree from Harvard University and a Bachelor of Science degree in Economics from the Wharton School of the University of Pennsylvania. 


