Building Security Champions

How do you scale security when you're outnumbered 500 to 1? Learn the six-step recipe for turning developers into your greatest security asset.

#1about 3 minutes

Why security teams must scale through developer collaboration

The significant ratio of developers to security professionals necessitates scaling security programs by empowering developers as champions.

#2about 5 minutes

What a security champion is and what they do

A security champion acts as the primary security advocate, communicator, and first line of defense within a development team.

#3about 4 minutes

Recruiting volunteer champions with manager support

Attract willing volunteers by creating opportunities for them to show interest and ensuring you have manager buy-in from the start.

#4about 6 minutes

Keeping champions engaged through inclusion and trust

Keep champions engaged by involving them in security incidents, sharing sensitive information to build trust, and giving them early access to new tools and policies.

#5about 7 minutes

How to effectively train your security champions

Focus training on practical skills champions need, such as secure coding, threat modeling, relevant policies, and using security tools effectively.

#6about 4 minutes

Coaching champions and setting clear delegation rules

Use a coaching approach for continuous support and clearly define what security tasks can be delegated to champions versus what must remain with the security team.

#7about 3 minutes

The importance of recognizing your champions' work

Formally recognize champions' efforts through public praise, certificates, and direct feedback to their managers to ensure their extra work is valued.

#8about 2 minutes

Using rewards to motivate and value your champions

Reinforce good security practices by rewarding champions with gifts like books and training, team-building events, and dedicated time from the security team.

#9about 3 minutes

Why consistency is key to a successful program

Ensure the long-term success of the program by maintaining consistent communication and activities, even if small, to prevent momentum from fading.

#10about 13 minutes

Program recap and answers to common challenges

The talk concludes with a summary of the champion-building recipe and a Q&A session addressing practical challenges like uncooperative teams and alternative champion models.