Speakers
Synopsis
Developers typically outnumber security team members 100:1 in large organisations. With this imbalance and the shortage of experienced people who can secure the systems we build, we need to think differently. Security champions are the people in your development teams who are the most excited about security. They are an extension of your team, your advocates, and your communicators of key messages. How much importance is your organisation putting on upskilling your development teams?

In this session I present how we can build and sustain a successful champions program to uplift security culture and ultimately extend the reach of security across development teams. Failed implementations of education programs can stem from a disconnect between the training provided to the champions and their day-to-day tasks, as well as the absence of a formalised governance structure. I will demonstrate how to present plans to achieve leadership endorsement for the development, implementation and ongoing operations of a fit-for-purpose Security Champions Program Design and Plan.

Cyber security champions are key to promoting the “shift-left” principle in the secure software development lifecycle (SSDLC) process and creating a positive, “security-first” cyber security culture. These are team members who want to learn more about cyber security, promote that message through their squads and tribes, and have the relevant skills to undertake security-focused tasks within development sprints. They keep their eyes and ears open for potential issues that require security expertise. The collaboration amongst the champions is vital in ensuring a uniform approach to secure development is followed across developer communities.

Key attributes include:

* Objectives and Scope
* Governance and Operating Models
* Success Metrics and KPIs
* Implementation Activities
* Cost Considerations
* Champion Selection Criteria