[SAMM] Job Description

McGovern, James F. (eBusiness) James.McGovern at thehartford.com
Mon Dec 7 11:43:11 EST 2009


Not quite sure of how to flesh it out, but let me share more on my
thoughts for asking.  
 
1. I need to complete an HR-approved job description such that in my day
job, we get the opportunity for someone to have as their full-time job
the championing of SAMM internally. We want to do this via "influence"
over "command and control". We will of course have executive support
(they will sign off on funding) but will only be periodic mouthpieces.
 
2. As an observer, I think all of the analysis / comparisons on maturity
models in this space have outlined more of the process. What is sorely
lacking is the "profile" of the individuals and what characteristics
about them made their adoption of SAMM successful. So, I want to capture
more of the people aspects and will make a great supporting document to
SAMM.
 
3. If we capture the above, it could also serve as input into something
I think would absolutely rock. I know that folks will jump all over me
for mentioning certification, but if you look at Scrum, the notion of a
Certified ScrumMaster has caused lots of mouthpieces to emerge. I do
want to expend effort in creating something similar to help evangelize
SAMM.

________________________________

From: samm-bounces at lists.owasp.org [mailto:samm-bounces at lists.owasp.org]
On Behalf Of Eoin
Sent: Monday, December 07, 2009 11:35 AM
To: Software Assurance Maturity Model (SAMM)
Subject: Re: [SAMM] Job Description


"how it would feel" - James can you flesh out this question?


 
2009/12/7 McGovern, James F. (eBusiness)
<James.McGovern at thehartford.com>


	So, I think this answers what they need to know in terms of a
body of knowledge. Looking for insight into how it would feel. Would it
feel like an Enterprise PMO or more like an Agile Coach, ScrumMaster? 

________________________________

	From: samm-bounces at lists.owasp.org
[mailto:samm-bounces at lists.owasp.org] On Behalf Of Eoin
	Sent: Monday, December 07, 2009 11:24 AM
	To: Software Assurance Maturity Model (SAMM)
	Subject: Re: [SAMM] Job Description
	
	
	Hi 
	My exp of samm would dictate;
	 
	Regarding a process weenie this actually helps, experience in
interviewing (audit interviews) and getting to an accurate answer is
very important. Someone with SDLC security and with 27001 exposure
would be great at the job.
	SDLC experience (From secure dev to change control to awareness
and training rollout etc) is important and also knowledge of the
industry being audited; this helps with developing a roadmap and what to
focus on.
	 
	my 10 cent
	 
	-ek
	 
	 
	 
	 


	 
	2009/12/7 McGovern, James F. (eBusiness)
<James.McGovern at thehartford.com>
	

		If a large enterprise wanted to anoint an individual to
roll out SAMM, what would the job description look like? What are some of
the characteristics this individual would need in order to be
successful? Could they be successful in being a process weenie alone or
is something else required? Do they need to know how to program? Do they
need to know about project/program management?

	
************************************************************
		This communication, including attachments, is for the
exclusive use of addressee and may contain proprietary, confidential
and/or privileged information.  If you are not the intended recipient,
any use, copying, disclosure, dissemination or distribution is strictly
prohibited.  If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this communication and
destroy all copies.
	
************************************************************

		_______________________________________________
		SAMM mailing list
		SAMM at lists.owasp.org
		https://lists.owasp.org/mailman/listinfo/samm
		
		




	-- 
	Eoin Keary
	OWASP Global Board Member
	OWASP Code Review Guide Lead Author
	OWASP Ireland Chapter Lead
	OWASP Global Committee Member (Industry)
	
	http://asg.ie/
	https://twitter.com/EoinKeary
	