If your company has a security champions program, it’s probably not doing too well. According to Sandesh of Boring AppSec, he claims that most security champions program do not take off, or if they do, taper off quickly. Building a security program is hard and even harder to make it sustainable. That is because the security champions program is essentially a community and companies are not optimised to have communities in them. Sandesh proposes a hypothesis for getting your security champions program to work. There’s three parts to it and it involves charter, enablement and measurement. Check out his article on Boring AppSec to learn more.
https://boringappsec.substack.com/p/edition-15-is-your-champions-program
This segment was created for the It’s 5:05 podcast