Milan Williams, a Senior Product Manager at Semgrep with a background in computer science and physics from Harvard, dives into the world of application security metrics. She emphasizes the need for metrics to not only track progress but to be actionable and relatable through storytelling. Milan discusses how a collaborative approach between security and development teams can enhance teamwork and address vulnerabilities effectively. By making security metrics meaningful, she highlights their impact on career growth and resource allocation.
INSIGHT
Importance of AppSec Metrics
Metrics in AppSec provide a sense of progress amidst an overwhelming vulnerability landscape.
They're also valuable for career advancement and securing necessary resources.
ADVICE
Making Metrics Interesting
Make metrics engaging by providing context and telling a story.
Instead of just presenting numbers, explain the change over time and its significance.
ANECDOTE
Origin of the Metrics Framework
Milan Williams developed the AppSec metrics framework based on interviews with AppSec leaders and IT professionals.
She discovered a common struggle to justify security investments and gain organizational support.
Quiet: The Power of Introverts in a World That Can't Stop Talking
Susan Cain
In 'Quiet', Susan Cain presents a comprehensive argument that modern Western culture misunderstands and undervalues the traits and capabilities of introverted people. She charts the rise of the 'Extrovert Ideal' and explores how it permeates various aspects of society, including workplaces, schools, and social interactions. Cain draws on research from biology, psychology, neuroscience, and evolution to demonstrate that introversion is common, normal, and valuable. The book offers advice for introverts on functioning in an extrovert-dominated culture and advocates for changes to support and recognize the contributions of introverts. It also distinguishes between introversion, shyness, and anti-social behavior, and highlights the unique strengths of introverts, such as deep thinking, persistence, and excellent negotiation skills.
Measure What Matters
Laura Patterson
John Doerr's "Measure What Matters" explores the power of Objectives and Key Results (OKRs) as a goal-setting system. The book showcases how OKRs have been used by companies like Google and Intel to achieve ambitious goals. Doerr emphasizes the importance of setting clear, measurable objectives and tracking progress regularly. The book also highlights the importance of aligning goals across teams and organizations. It provides a practical framework for setting and achieving ambitious goals in various contexts, including business and personal life.
Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landscape, and they're valuable for career advancement and securing resources. We discuss metrics categories and several specific metrics that are good to track. Milan shares important principles on the importance of making metrics actionable through storytelling and relating security impacts to real-world consequences for users.
Milan's Book Recommendation:
Quiet Influence: The Introvert’s Guide to Making a Difference by Jennifer Kahnweiler