When beginning a mobile appsec program, there are several metrics you establish to define success in the first six months, one year and beyond. What is less mentioned is the human element to creating a successful program and changing the internal security and devops culture on the road to a devsecops approach.
This customer would like to remain anonymous, but shares valuable tips for how they approached their appsec program in a large company, with a large number of apps available to their customers, and many teams that have to interact in order to achieve 100% Data Theorem protection.