Robert and I are joined today by Matt Clapham. Matt “makes products more secure”, I mean, hey, his Twitter handle is @ProdSec.

The topic of this interview is what Matt calls development security maturity. This concept is based on Matt’s research and also a talk he delivered at RSA. Matt created a simple process to measure the maturity of development security by looking at 5 key behaviors. We cover the what and why of development security, the 5 key behaviors, and scoring and reporting. As a conclusion, we discuss how to make the results of an assessment actionable.

Matt’s RSA slides are a great resource to review in conjunction with the interview: str-w05-estimating-development-security-maturity-in-about-an-hour-final.pdf

Bio: Matt Clapham makes products more secure. His career is a rare blend of both product development and enterprise operations. He is currently a Principal of Product Development Security at GE Healthcare. Matt previously worked as a Software Tester, IT Policy Author, and Security Advisor to all things games at Microsoft. He is quite familiar with security foibles of the Industrial Device Internet of Things and how to overcome them. Matt is a frequent speaker and author of magazine articles on IT, security, games or some combination thereof. He holds degrees in engineering and music from the University of Michigan.