| Track: | DevSecOps |
|---|---|
| When: | |
| Where: | |
| Organizers | |
| Participants | Arne Zismer, Clara Anel Mansilla |
| Remote Participants | Harmeet Singh, Sugumaran Uppili |
Security Champions are a key element of any AppSec team, since they create a cross-functional team focused on Application Security.
What is a Security Champion?
- Security Champions are active members of a team that may help to make decisions about when to engage the Security Team
- Security Champions act as the “voice” of security for the given product or team
- Security Champions assist in the triage of security bugs for their team or area
Why
The main purpose of this working session is to discuss the role of Security Champions within organizations, and how Security Champions' skills can best be utilized across organizations. The session will also discuss the need for a better definition of the role of Security Champion.
What
- How to define Security Champions' roles, responsibilities, and OKRs
- How to create a network of Security Champions
- Forum for Security Champions to share their experiences
- The importance of being supported by the corporate Security Policy
- How to ‘create’ Security Champions?
- How to reward Security Champions?
- Do Security Champions have a path into the Application Security profession?
- Is being a Security Champion worth including in your LinkedIn profile?
- What is the Security Champion’s role in Threat Modelling?
Outcomes
- Agreed definition of Security Champions' roles, responsibilities, and OKRs
- Agreed structure to help companies create networks of security champions
- Creation of a forum for security champions
Who
The target audience for this Working Session is:
- Security Champions
- CISOs
- Developers
References
- https://www.owasp.org/index.php/Security_Champions
- https://www.linkedin.com/pulse/do-you-have-security-champions-your-company-robert-hurlbut
- https://www.brighttalk.com/webcast/5418/165801/creating-a-network-of-security-champions-at-diageo
- https://securingthehuman.sans.org/blog/2015/01/19/creating-a-security-champions-network
- http://blog.diniscruz.com/2016/10/if-you-dont-have-security-champion-get.html
- http://blog.diniscruz.com/2015/01/does-your-team-has-security-champion-if.html
Previous Summit Working Session
https://owaspsummit.org/Working-Sessions/Agile-AppSec/Security-Champions.html