Session Name: Rebuilding Security Culture With Security Champions: Our Experience at IBM, Red Hat & NatWest Group
A Security Champions program is key to a modern cybersecurity strategy. Learn how to start your own.
Known vulnerabilities are a fact of life, especially with open-source software. Cyber Security Intelligence tracked over 18,000 CVEs and at least 66 Zero-Day Vulnerabilities in 2021. According to the Sonatype 2020 DevSecOps Community Survey, 24% of organizations surveyed revealed a breach within one of their web applications in the prior 12 months. The average cost of a data breach was $4.24 million, according to the IBM 2021 Cost of a Data Breach Report.
The only way to keep up with the fast pace and demands of cybersecurity today is to scale up the security expertise of your technical workforce. This talk explains why setting up a Security Champions program is such an important part of an overall security strategy. Then it goes into detail on how to get your own Security Champions program running, the realistic costs of such a program, and what benefits you can expect from it. We’ll talk about grassroots programs at three companies: IBM, Red Hat, and NatWest Group.
A Security Champions program is repeatable, cost-effective, and can be applied to a broad range of industries. Attendees will come away with a step-by-step approach that can improve cybersecurity practices at their own companies.
I’ve been a software engineer for more than 20 years, I was a manager for 3 years, and I have been a Security Focal for 4 years. I’ve worked in research, consulting, web portal development, IT systems management development, cloud computing, hybrid cloud, deployment automation, web platform development and operations, and most recently, developer tools for Kubernetes and DevOps. My specialties are DevOps, cybersecurity, continuous delivery, cloud computing, virtualization, configuration management, distributed systems, software engineering, agile development, continuous integration, shift-left, and high availability/disaster recovery for IT services.
In my free time, I enjoy reading, scuba diving, traveling, games, and having fun with my husband, two daughters, and the family dog.