From my experience all software developers are now security engineers whether they know it, admit to it or do it. Your code is now the security of the org you work for. #GoldenAgeOfDefense
Hey Jim, what’s your opinion on security champions? Any experience with that concept?
I think it’s fundamental, especially in big companies where devs massively outnumber AppSec staff. Identifying, promoting and supporting devs who deeply understand security and communicate well with other devs on security - is fundamental to good AppSec programs!
Thanks :) from my experience it’s not that easy to persuade decision makers into freeing up resources for this, but I’m also convinced that it’s an important way to transport the message of implementing security at all stages.
The only time I struggle to persuade decision makers to support security champions is when an AppSec program is in shambles in the first place. If I was to start a program where dev security was a mess, I’d start with DevOps style scanning and developer education.