Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

Secure Code & Automation (DevSecOps)Software Development

458 views2 Comments

Sort by:

Director of Global Information Cyber Security in Manufacturing21 days ago

Executive support and buy in. It helps to have clearly defined roles.

Director of Engineering21 days ago

We have established a Product Security champion for the entire company first. This person for us sits in IT within the Infrastructure Security and Risk Management group.
Then every division has their champions and sponsors. Since my team is very large, I have appointed two champions to create a backup. This was done by asking my leaders including lead architects for nominations.
The team finds it very easy to communicate via our champions to the Company Champion.

Initially it looked like asking the IT's security champion or working via him was very cumbersome but now after a couple years, it seems great to have a non-partisan person help make decisions. They helped create a SOP on how we include Security in the product (Secure Product development Process). With them in a driver seat , it helped get it done and everyone does it. They also are responsible for Security toolsets. He has monthly meetings to review the dashboards, convey anything new he is hearing.
Quarterly the sponsors are invited to share the individual division dashboard.

Content you might like

Will the pressure from recent major ransomware attacks add to employee burnout in an industry that already faces a talent shortage?

Yes65%

No25%

Unsure9%

View Results

Who are the biggest proponents of using AI software engineering agents in your organization? Pick all that apply.

CEO21%

CIO41%

CTO32%

Software department leadership 29%

Team leads28%

Software engineers/developers24%

Someone else (comment to share)3%

N/A — no plans to use AI agents for software engineering1%

View Results

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

What are some ways that a leader can show their software staff that experimentation and failure are not only acceptable, but encouraged?

Most of the application team I lead is in Brazil and the global IT leadership (US-based) now wants to move some of that work to a new global delivery center in India to be more cost effective, but I have doubts. The Brazil team is delivering good quality — is cost efficiency enough reason to relocate the work? What are the biggest pros/cons we need to consider?

Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

Sort by:

Content you might like

Will the pressure from recent major ransomware attacks add to employee burnout in an industry that already faces a talent shortage?

Who are the biggest proponents of using AI software engineering agents in your organization? Pick all that apply.

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

What are some ways that a leader can show their software staff that experimentation and failure are not only acceptable, but encouraged?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Building Inclusion into DEI strategy: Insights from HR Leaders

How Do Cybersecurity Leaders Address Employee Burnout?

Building an Effective Executive Succession Plan

Software Engineering Teams Plan to Scale Up Productivity

Take Your Insights On-the-Go