Common elements to highly effective security champion programs that take DevSecOps to the next level.
January 29, 2020
Application security leaders are increasingly developing formal security champion programs that help their companies better embed security expertise and accountability across development and DevOps teams. Security champions are developers, architects, and engineers who take the lead within their teams and projects on security objectives.
"A security champion is fundamentally an enabler and promoter of application security best practices," says Shawn Asmus, director of threat management for Optiv. "They help promote the adoption of tools and standards, as well as consult with developers regarding testing results and proposed remediations."
Security champions pursue advanced training and are an extra resource for their peers to answer security-related questions. They work with the security team to set realistic requirements for their peers, to more effectively choose and integrate security tools that mesh with development workflows, and to ensure that dev teams are making good on their security promises.
We recently surveyed some experts to get perspective on what security champions need to succeed in their roles. Here's what they had to say.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024