Tanya Janca

Building Security Champions

How do you scale security when you're outnumbered 500 to 1? Learn the six-step recipe for turning developers into your greatest security asset.

#1 (about 3 minutes)

Why security teams must scale through developer collaboration

The significant ratio of developers to security professionals necessitates scaling security programs by empowering developers as champions.

#2 (about 5 minutes)

What a security champion is and what they do

A security champion acts as the primary security advocate, communicator, and first line of defense within a development team.

#3 (about 4 minutes)

Recruiting volunteer champions with manager support

Attract willing volunteers by creating opportunities for them to show interest and ensuring you have manager buy-in from the start.

#4 (about 6 minutes)

Keeping champions engaged through inclusion and trust

Keep champions engaged by involving them in security incidents, sharing sensitive information to build trust, and giving them early access to new tools and policies.

#5 (about 7 minutes)

How to effectively train your security champions

Focus training on practical skills champions need, such as secure coding, threat modeling, relevant policies, and using security tools effectively.

#6 (about 4 minutes)

Coaching champions and setting clear delegation rules

Use a coaching approach for continuous support and clearly define what security tasks can be delegated to champions versus what must remain with the security team.

#7 (about 3 minutes)

The importance of recognizing your champions' work

Formally recognize champions' efforts through public praise, certificates, and direct feedback to their managers to ensure their extra work is valued.

#8 (about 2 minutes)

Using rewards to motivate and value your champions

Reinforce good security practices by rewarding champions with gifts like books and training, team-building events, and dedicated time from the security team.

#9 (about 3 minutes)

Why consistency is key to a successful program

Ensure the long-term success of the program by maintaining consistent communication and activities, even if small, to prevent momentum from fading.

#10 (about 13 minutes)

Program recap and answers to common challenges

The talk concludes with a summary of the champion-building recipe and a Q&A session addressing practical challenges like uncooperative teams and alternative champion models.
