Measuring Security: 5 KPIs for Successful Web App Security Programs

Venue: Walter E. Washington Convention Center

The presentation
Modern enterprises recognize the need to test their web applications for security vulnerabilities, but few security organizations can quantify the success or failure of their programs to the business. That is because traditional security lifecycle metrics (counts of findings, scans run, tickets closed) fail to convey whether the organization is actually reducing risk. Attendees will learn how to develop organizational metrics that combine proven QA data with security data to form a complete picture. The session will cover five critical KPIs that express the security risk associated with web applications as a function of overall software quality.

Rafal Los
Rafal "Raf" Los is a web application security evangelist for the HP Software & Solutions business at HP. Los is responsible for bridging the gaps between security technologies and business needs to reduce enterprise risk and create embedded, lasting solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Rafal is a regular speaker at security conferences including OWASP, SecTor, Defcon, CSI, and many other public and private events. Additionally, Los helped to write the first release of the Open Web Application Security Project (OWASP) Testing Guide.

Prior to joining HP, Los led the web application security program and served as a security lead at General Electric (GE) Consumer Finance. Los also worked with GE Power Systems, leading security engineering and architecture and building the web application security program. Before GE, Los helped build a service-oriented security consulting company and was among the first 25 employees in a successful financial-based startup, leading internet-facing systems and security management and architecture.

Raf received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.