





Clearly this is a mess, but we are making the best of it. We are meeting virtually on Google Meet. Developers continue to build more and more software, and even with tooling and automation there is always more security work to do than can be done. Being able to prioritize work is a strategic advantage but how do you fairly and consistently judge what is important? Having a consistent and repeatable process to estimate, track and rank the risk level of systems is critical to successfully managing your workload. In this session you will build a self contained risk measurement application based on open risk assessment standards and using only browser based, open source resources. About Joe: Joe Kuemerle is an application security engineer, developer and speaker in the greater New York City area specializing in application security, development, database and application lifecycle topics. He is active in the technical community as well as a speaker at local, regional and national events. Kuemerle blogs at www.kuemerle.com and is on Twitter as @jkuemerle.