SENIOR ADVISOR

Sammy Migues

Sammy Migues is a recognized cybersecurity technical leader and lifelong innovator. As a senior advisor to The Chertoff Group, he will contribute to cybersecurity solutions for clients spanning software security, governance and risk management models, compliance, metrics and dashboards, threat modeling, DevSecOps, software supply chain security and digital transformation. Sammy’s leadership has created value for defense contractors and high-profile clients in every major market sector.

Throughout his career, he has contributed practical security models and approaches to seminal computer and network security works and groups, including the Rainbow Books, Common Criteria, PCI, CMU CERT, UL, and U.S. Government and NIST standards.

More recently, he is a creator of the Building Security In Maturity Model (BSIMM), a set of controls and an assessment methodology for software security program scorecards. Through the BSIMM’s interview-based approach, Sammy spoke with over 1,000 CISOs, managers, and engineers, and created data-driven annual research publications. Sammy is also a creator of the BSIMMsc, a streamlined method for analyzing and scoring software suppliers’ secure development practices; and a creator of The CISO Study, an analysis of and scoring approach for CISO security management practices. Most recently, Sammy is a creator of the P-SSCRM, a comprehensive model for reviewing organizational software supply chain risk management efforts.

Sammy’s writings have appeared in journals such as IEEE Security & Privacy, IEEE Software, ACM Proceedings, and many industry publications. He is a frequent speaker and is often asked to simplify complex cybersecurity topics for the press and for executives who need direct guidance for making strategic cybersecurity and risk management decisions.
