The Elephant in AppSec
77 episodes
3 days ago
Time to discuss AppSec issues no one talks about.
Technology
OWASP SAMM vs BSIMM: Which Maturity Model Reigns Supreme?
46 minutes 26 seconds
2 months ago

Today, I'm joined by Nariman Aga-Tagiyev, a seasoned cybersecurity architect and threat modeling coach, bringing over two decades of experience in the software development industry. 

As the founder of SecureHabits, he’s on a mission to help software manufacturers mature their secure software development lifecycle.

Nariman is a familiar face at OWASP Netherlands Chapter events and an active contributor to projects like OWASP SAMM and the Security Champions Maturity Model. His work bridges the gap between theory and practice, empowering teams to build security into their culture - not just their code.

In this episode, we dive into a memorable "battle" Nariman had at the RSA conference, where he argued both sides of the SAMM vs. BSIMM debate—mostly with himself, after BSIMM expert Caroline Wong couldn’t attend. 

We also explore why organizations often skip the foundational steps before rushing to buy security tools, why true maturity is so rare, and what the new regulatory frameworks like the Cyber Resilience Act mean for businesses in the EU.


Dive right in! 
