We Are The (Security) Champions
Steering an engineering organization towards secure development practices is hard. That's why you need people on the inside - individuals who will push their dev teams to create secure software with the credibility of a trusted team member. Modern development teams need Security Champions.
A list of security standards, wiki articles on secure development best practices, and the occasional presentation will only go so far to get your engineers on board with your mission. Often it seems like everyone is too busy or simply unwilling to prioritize security tasks. How do you start a grassroots movement to advance security?
In this talk, we'll cover how to establish a Security Champions program and why it will accelerate a Security organization's mission within an Engineering division. We'll identify what makes a Security Champions program effective and any pitfalls we should avoid.
Steve is a Raleigh-area native and has been working in penetration testing since he graduated. He's passionate about developing mature security organizations and offensive security testing. He currently works at Avalara in Durham and is a member of Team EverSec.