Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

Director of Global Information Cyber Security in Manufacturing, 2 months ago

Executive support and buy-in. It helps to have clearly defined roles.

Director of Engineering, 2 months ago

We have established a Product Security champion for the entire company first. This person for us sits in IT, within the Infrastructure Security and Risk Management group.
Then every division has its champions and sponsors. Since my team is very large, I have appointed two champions to create a backup. This was done by asking my leaders, including lead architects, for nominations.
The team finds it very easy to communicate via our champions to the Company Champion.

Initially it looked like asking IT's security champion or working via him was very cumbersome, but now, after a couple of years, it seems great to have a non-partisan person help make decisions. They helped create an SOP on how we include security in the product (Secure Product Development Process). With them in the driver's seat, it helped get it done, and everyone does it. They are also responsible for security toolsets. He has monthly meetings to review the dashboards and convey anything new he is hearing.
Quarterly, the sponsors are invited to share the individual division dashboard.
