Everyone and their cousin has a Security Champion program, but how effective is yours? Are you getting a solid return on investment for the time and money you put forth? There is a direct correlation between Security Champions and DevSecOps; they mutually support and intersect through security culture. In this talk, we’ll explore building an Elite Security Champion program that is successful in a DevSecOps world.
Elite Security Champions require an elite set of skills and experience. We’ll explore the qualities of an elite Security Champion program and how you can transform your program from one where you must twist arms to sign people up to a program where potential champions are knocking down the door to get in.
We’ll begin by considering the security person mindset, the skillsets you need to build in your Champions. From knowledge of secure coding principles to threat modeling expertise and understanding the end-to-end DevSecOps pipelines, Champions require skills on the technical side. But Champions also need schooling in the soft skills to enable them to collaborate and become agents of change, capable of disrupting your security culture.
After unpacking the individual skills, we’ll cover the significant issues you must address when building or enhancing an elite program.
• Branding – how will you represent your group to the larger company?
• Strategy – what do you want them to do? What is the big picture goal?
• Value proposition – what’s in it for them?
• Recruitment – how are you going to find and sign up new champions?
• Program – what are you going to offer them?
• Communication – how will you keep the rest of the organization apprised of what the Champions are doing?
• Retention – how are you going to keep them coming back for more?
• Globalization – how do you build a program if you’re a worldwide company?
Security Champions provide a scalable solution for security capacity, providing an outlet for overworked security teams to magnify their efforts. If you do not have a security champion program today, or if your program needs a reboot, come to this talk and learn how to fill the halls of your organization with elite Security Champions.
Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling...
Thursday October 27, 2022 2:00pm - 3:00pm CDT
Contrast Security Room, 2525 W Anderson Ln #365, Austin, TX 78757, USA