Security teams, at best, are outnumbered 100 to 1 in their organizations. Securing every door, window, network, endpoint, device, API, and system is an overwhelmingly endless task. How can we hope to keep the enterprise secure while the threat landscape keeps evolving ever faster? It is time for an age of champions. Security Champions. Security champions are individual team members on teams outside of security who volunteer to stay up to date with security updates and help spread the word. They look for places where security best practices can be applied and help the security team know where people are struggling and have questions. This session will explore the guidelines put forth by some open-source communities, such as OWASPs Security Champions Guide, and learn some best practices for starting a program and getting your teams on board.
- Define Shifting Left and why most developers do not like this term
- Compare defending multiple types of employees and teams in a complex organization
- Explore scalable models, including AI, automation, and platforms and tooling.
- Define what an awesome Security Champion would mean for you