The Role of Security Champions in Scaling Application Security

Securing a portfolio of applications can be a practice in extremes. On one hand, you have a small team of security experts trying to help a multitude of developers, testers, and other engineers meet security requirements. At the same time, you have to support all the microservices that the Agile and DevOps teams are building and pushing to production anywhere from once a month to several times a day. Even if you have a fully staffed security team, there still are not enough experts in this area to go around, which means creating a guild of Security Champions is more important than ever. Join Ryan O’Boyle, Manager of Product Security at CA Veracode and Ronda Kiser Oakes, Director DevOps Consulting at Perficient, who will examine the value of the Security Champion role within the development team. They will discuss which groups need to commit for the program to succeed, how to find good champions, and the benefits for all stakeholders. Based on lessons learned from building a successful Security Champion program over the past five years, you will come away with detail actionable steps to bootstrap, monitor, and maintain a customized program that fosters these champions in your organization and scales your security program.