Can You Really Quantify AppSec ROI? Here’s the Truth! ⎜Irfaan Santoe

03/02/2025 53 min


Episode Synopsis

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m joined by Irfaan Santoe, a seasoned security leader who has worn many hats—from CISO to Global Head of Application Security, and now Founder and CTO of RiskApp.
Beyond his leadership roles, Irfaan is a dedicated community builder. He leads the OWASP Netherlands Chapter, created the OWASP Security Champions Guide, and co-hosts the re:invent security podcast, a live in-person show where industry leaders share how they're reshaping security.

In this episode, we tackle a big and often uncomfortable question: Can we actually quantify the ROI of AppSec?

Security leaders are constantly pushed to justify their budgets, but when it comes to application security, how do we measure success? Are we tracking the right metrics, or just playing a numbers game? We'll also discuss:
- The hidden costs of delaying AppSec and why technical debt is a silent killer
- How security leaders can sell AppSec to executives and actually secure budget
- The challenge of measuring AppSec effectiveness: what metrics actually matter?

If you've ever struggled to prove the value of security initiatives, or just want a fresh perspective on AppSec priorities, this episode is for you.

Connect with Irfaan: https://www.linkedin.com/in/irfaansantoe
Connect with Alexandra: https://fr.linkedin.com/in/alexandra-charikova

Mentioned in the video:
- Escape: https://escape.tech
- Re-invent security: https://re-inventsecurity.com/
- RiskApp: https://www.riskapp.com/
- OWASP Security Champions Guide: https://owasp.org/www-project-security-champions-guidebook/
- The CISO's Guide for Implementing DevSecOps in the Enterprise: DevSecOps Visions from 10 European Information Security Leaders: https://www.amazon.co.uk/CISOs-Guide-Implementing-DevSecOps-Enterprise/dp/9464807571
- How to Measure Anything in Cybersecurity Risk: https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk/dp/1119085292
