The significant ratio of developers to security professionals necessitates scaling security programs by empowering developers as champions.
A security champion acts as the primary security advocate, communicator, and first line of defense within a development team.
Attract willing volunteers by creating opportunities for them to show interest and ensuring you have manager buy-in from the start.
Keep champions engaged by involving them in security incidents, sharing sensitive information to build trust, and giving them early access to new tools and policies.
Focus training on practical skills champions need, such as secure coding, threat modeling, relevant policies, and using security tools effectively.
Use a coaching approach for continuous support and clearly define what security tasks can be delegated to champions versus what must remain with the security team.
Formally recognize champions' efforts through public praise, certificates, and direct feedback to their managers to ensure their extra work is valued.
Reinforce good security practices by rewarding champions with gifts like books and training, team-building events, and dedicated time from the security team.
Ensure the long-term success of the program by maintaining consistent communication and activities, even if small, to prevent momentum from fading.
The talk concludes with a summary of the champion-building recipe and a Q&A session addressing practical challenges like uncooperative teams and alternative champion models.
Bitpanda
Vienna, Austria
42:40Tanya Janca
23:34Stefania Chaplin
27:32Jasmin Azemović
51:41Panel Discussion
28:01Tino Sokic
1:58:48Thomas Konrad
21:53Isaac Evans
26:50Nazneen Rupawalla
.gif?w=240&auto=compress,format)
Jobs that call for the skills explored in this talk.
Saransh Inc
Charlotte, United States of America
American CyberSystems
Charlotte, United States of America
Tata Consultancy Services Limited
Irvine, United States of America
Taimpel
Paris, France
CareerCircle
