
How A&B help you to develop Security Champions

23.09.2020

In recent years, the Security Champions Program initiated by OWASP has become increasingly popular. Most tech companies are dealing with increasing complexity and challenges as the technology stack grows and diversifies. Security processes and guidelines should not slow down time-to-market gains.

On the other hand, security is of great significance, and issues could have substantial negative impacts on a project or the company itself. The Security Champions Program helps to meet this challenge by strengthening and empowering the employees and integrating security into the company culture. The Security Champions Program playbook provides a six-phase journey to ensure structured and focused progress, leaving enough freedom to operate and to fit the implementation to the customers’ specific needs and situation.

The journey starts with identifying teams, technologies, and products, and conducting interviews with product owners and team leads to get an overview of the customers’ situation. Then, the security state of the team processes and products is analyzed in order to define tangible security goals in close cooperation with the customer. In preparation for the nomination of the future Security Champions, their roles are defined and their fields of operation are identified.

A successful Security Champions Program needs the management’s approval and the commitment of all relevant parts of the company, so the results, conclusions, and ideas of the first two phases will be presented and discussed with the management from the top to the bottom. Together with the team leads, potential Champions will be identified and finally nominated, to form the new, robust Security Champions. The newly hatched Champions need proper communication channels and a meeting structure; depending on the situation, adjustments or evaluations of new technologies will happen.

It comes down to building know-how and improving the knowledge base. A varied, combined, and tailored use of training sessions, blog posts, wiki/intranet documentation, easy-to-follow checklists, process reviews, and the creation of security anchor points for the developers and operators has proven to be successful. The last phase establishes processes to maintain the interest of the Security Champions. The Security Champions Program will be healthy and prosperous when the customer successfully shows a security culture and the Security Champions continuously improve the security posture.

HOW A&B CAN HELP YOU DEVELOP SECURITY CHAMPIONS
A&B is your partner for implementing or improving your Security Champions Program. We follow our well-proven integrate-and-enable approach.

This means we take over the role of a Security Champion in one (or more) of your teams, work closely with the teams, and manage project progress from the inside. As interim Security Champions and mentors, we speed up the six-phase journey, onboard your novice Security Champions, and empower them with recurring training on how to act as a Security Champion.

YOUR BENEFITS
Main advantages of having a team of Security Champions:

  • Scale security through multiple teams
  • Establish a high degree of automation with security-as-code
  • Deliver secure software faster