It’s an oft-repeated mantra around here that security is everyone’s responsibility. Unfortunately, it’s easier said than done and this talk will describe how we introduced a new security approach to empower product teams, enable accountability among team leads and ensure teams and leadership are jointly informed about and responsible for risks.
Security is a cross-functional requirement that can affect the reputation and financial standing of any company, yet most teams implement it reactively, which highlights a process gap.
That is the gap we set out to close. A year later, we have engineers who understand the “why” behind security and SDLC controls instead of checking a box as has been done countless times before, and a maturity model that has helped leadership make informed decisions. An important aspect of the organizational culture shift needed to improve AppSec is the critical role of security champions. Security champions are your AppSec specialists who help lead, mentor and train the team. These champions share the load with the dedicated AppSec leaders, magnifying the impact of AppSec in the organization. They lead by example for the development team and are pivotal to the cultural change needed for security.
In this session you will learn:
* How to communicate and educate your teams on the security approach and best practices
* How to leverage security champions embedded within the development teams to scale the impact of your AppSec program
* How to measure and coach teams through the process to improve both their own and the organization's overall application security posture