
Build a World-Class Security Champion Program

Security champions have grown to become a critical component of successful DevSecOps organizations. These embedded change agents can be developers, DevOps engineers, or other important stakeholders in the software delivery process. Trained and empowered by the security team, they take a special interest in cybersecurity best practices. Their role is to help advocate for security, answer questions from their peers, and take the lead on making their team or project more accountable to security requirements during the daily grind of delivering software.

Not only does this improve DevOps and security team relations, but it also helps the security team scale its efforts. There are only so many people a security team can hire, but if these experts design their champion program effectively, they can lean on their embedded champions to give them a force multiplier in carrying out security tasks and strengthening security culture across the board. In short, security champions provide a golden path to democratizing security and truly taking DevSecOps to the next level.

While it is possible for security advocates to organically bubble up within DevOps organizations, it usually takes systematic planning and investment to train and empower an army of security champions. Here’s what it takes to start building a world-class program to do just that.