Sammy Migues's Linkedin Analytics

I’m a lifelong innovator who has made a career of helping organizations address hard cybersecurity problems. While growing consultancies and revenues, my priorities as a senior technical leader included defining the cybersecurity problems CxOs and their organizations will be facing in the coming 12-24 months and maturing the people, offerings, technologies, and skill sets to deliver with high quality at scale. Those offerings include market-leading solutions that span software security, governance and risk management models, compliance, metrics and dashboards, threat modeling, DevSecOps, software supply chain security, and digital transformation. Delivery models include consulting, products, SaaS, and partnerships. My approach to creating lasting organizational change has always been simple: wise spending balances business differentiators, controls, debt, risk reduction, and productivity. Good metrics show whether efforts are working. In the early days, I contributed practical security models and approaches to seminal security works such as the Rainbow Books, Common Criteria, PCI, CMU CERT, and Government and NIST standards. More recently, I’m a creator of the Building Security In Maturity Model (BSIMM), a set of controls and an assessment methodology for creating software security program scorecards. The BSIMM’s interview-based approach allowed me to talk with over 1000 CISOs, managers, and engineers, and create annual publications on what I learned. I’m also a creator of the BSIMMsc, a streamlined method for analyzing and scoring software vendors’ secure development practices and a creator of The CISO Study, an analysis of and scoring approach for CISO security management practices. My research has appeared in journals such as IEEE Security & Privacy, IEEE Software, ACM Proceedings, and in many industry publications. I’m a frequent speaker and am often asked to simplify complex topics for the press and for those who need simple guidance in making important security risk management decisions.