Building a DevSecOps Culture: The Security Champions Program
Original complete article: Read on Medium
Summary
This article explores the Security Champions Program, a strategic initiative designed to foster collaboration between security, development, and operations teams within a DevSecOps culture. It discusses the roles and responsibilities of security champions, the criteria for selecting them, and the activities that promote a security-conscious environment. Many companies have far fewer security experts than developers; the program addresses this imbalance by empowering individuals within development teams to act as security advocates. These champions are trained to identify vulnerabilities, promote secure coding practices, and serve as liaisons between the security team and developers, fostering continuous improvement and proactive defense. The article also highlights the importance of selecting individuals with relevant technical experience, leadership qualities, strong communication skills, and existing security interest to ensure the program’s success.
Key Concepts
- Security Champions Program: A program run by the security team to improve the company’s security posture by selecting and training individuals within development teams to act as security advocates.
- Responsibilities of Security Champions: Training and coaching, staying up to date on best practices, fostering cooperation between teams, and enhancing security by participating in security-related projects.
- Selecting Security Champions: Criteria include relevant technical experience, leadership qualities, strong communication skills, and existing security interest.
- Program Activities: Monthly training, security days and conferences, hackathons, certifications, and book clubs.