Session Name: Elite Security Champions Build Strong Security Culture in a DevSecOps World
Everyone and their cousin has a Security Champion program, but how effective is yours? Are you getting a solid return on investment for the time and money you put forth? Elite Security Champions require an elite set of skills and experience. We’ll explore the qualities of an elite Security Champion program and how you can transform your program from one where you must twist arms to sign people up to a program where potential champions are knocking down the door to get in. From knowledge of secure coding principles to threat modeling expertise and understanding of end-to-end DevSecOps pipelines, Champions require skills on the technical side. But Champions also need schooling in the soft skills to enable them to collaborate and become agents of change, capable of disrupting your security culture. After unpacking the individual skills, we’ll cover the significant issues you must address when building or enhancing an elite program, including branding, strategy, value proposition, recruitment, communication, retention, and globalization. Security Champions provide a scalable solution for security capacity, providing an outlet for overworked security teams to magnify their efforts. If you do not have a Security Champion program today, or if your program needs a reboot, come to this talk and learn how to fill the halls of your organization with elite Security Champions.
Chris Romeo is CEO and co-founder of Security Journey and is a builder of security culture influencing education. His passion is to bring security culture change to all organizations, large and small, by providing gamified security programs. Chris is the host of the award-winning “Application Security Podcast” and is a highly rated industry speaker and trainer. Chris was the Chief Security Advocate at Cisco, where he empowered engineers to shift security left in all products and led Cisco’s security belt program (Cisco Security Ninja). Chris has twenty-five years of security experience, holding positions across the gamut, including application security, security engineering, and incident response. Chris holds the CISSP and CSSLP certifications.