Putting Application Security Maturity Models in Practice (Ketan Vyas)

Date: December 3rd, 2012


Software that is developed, deployed or acquired with security in mind can resist and tolerate attacks, and recover from them, more effectively than its counterparts. There are no silver bullets or shortcuts for application security; it can only be achieved by systematically identifying, analysing and addressing security risk at every phase of the project life cycle. Cloud computing and pervasive mobility bring unique dimensions to application security.
Organizations struggle to implement application security effectively because of budgetary constraints and delivery schedule pressure. Maturity models such as Open SAMM and BSIMM provide excellent ways to measure and improve application security initiatives. Putting these models into practice for different types of projects (development, maintenance, COTS or production support) at different stages of project execution is always a challenge.
This workshop offers methodical guidance and practices that help managers improve their application security posture, and gives delivery teams strategic guidance on adopting a maturity model to gradually improve their software assurance program.
By the end of this workshop, delegates will:

  • Understand customers' perceptions of legal and regulatory compliance
  • Handle application security incidents and escalations properly
  • Manage application security risk
  • Know the maturity model practices in real-life scenarios
  • Estimate cost and effort for application security
  • Understand competency development
  • Measure application security effectiveness and improvement
  • Learn how to promote an application security initiative


  • 1 Day – 9.30 a.m. to 5.30 p.m.

Who should attend?

  • Security Managers
  • Product Delivery Heads
  • Project Managers
  • Security Process Owners


  • All delegates will receive a workshop handbook and a CD containing workshop presentations, exercises, templates, checklists and tools, for personal and noncommercial use.

Speaker: Ketan Vyas

Ketan Vyas heads the Application Security Initiative for Tata Consultancy Services (TCS). He is the Chief Architect of TCS’s Software Security Assurance framework and is responsible for developing the processes, techniques, methodology and tools for embedding security throughout the delivery life cycle. He also oversees security implementation in large engagements and security product purchases.
Ketan has 15 years of experience in security, software development and product evaluation. Prior to joining TCS, Ketan worked for organizations such as Net-square solutions, Contech Software Limited, Indian Space Research Organization (ISRO) and Maharshi Electronics Systems.
Disclaimer: The views and opinions expressed during this workshop are those of the speaker alone and do not necessarily reflect the positions or opinions of his employer or the employer's affiliates. This workshop is based on the speaker’s current knowledge of the subject and personal experience. Please verify it independently before making a decision based on it. In addition, any views or opinions expressed by the audience during the session are theirs and do not necessarily reflect the speaker’s.