“The CISO Guide provides guidance and visibility to CISOs on how to initiate an application security program, how to make the business case, how to manage the risks of applications and how to measure those risks. The guide is structured as a journey, because application security is not a destination, it is a journey.” — Marco Marona
Marco Marona is the coordinator of the OWASP Application Security Guide For CISOs Project, and Tobias Gondrom is the project lead for the OWASP CISO Survey. They have combined resources to provide us with a CISO framework for implementing an application security program. During our discussion at AppSec USA 2013, we talked about the origin of the projects and how they can be used to make a business case for application security.
“If you have a security strategy that is about a two year time frame, you have a higher chance of increasing your application security investments. The question is then, ‘How do you write that strategy?’ That question is answered in the CISO Guide.” — Tobias Gondrom
I start by asking Marco about the purpose of the CISO Guide.
Resources from this interview