Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

Secure Code & Automation (DevSecOps)Software Development

410 views2 Comments

Sort by:

Director of Global Information Cyber Security in Manufacturing11 days ago

Executive support and buy in. It helps to have clearly defined roles.

Director of Engineering11 days ago

We have established a Product Security champion for the entire company first. This person for us sits in IT within the Infrastructure Security and Risk Management group.
Then every division has their champions and sponsors. Since my team is very large, I have appointed two champions to create a backup. This was done by asking my leaders including lead architects for nominations.
The team finds it very easy to communicate via our champions to the Company Champion.

Initially it looked like asking the IT's security champion or working via him was very cumbersome but now after a couple years, it seems great to have a non-partisan person help make decisions. They helped create a SOP on how we include Security in the product (Secure Product development Process). With them in a driver seat , it helped get it done and everyone does it. They also are responsible for Security toolsets. He has monthly meetings to review the dashboards, convey anything new he is hearing.
Quarterly the sponsors are invited to share the individual division dashboard.

Content you might like

Does the SOX requirement for separation of duties impede security?

Yes60%

No35%

It depends (comment below)4%

View Results

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

Most of the application team I lead is in Brazil and the global IT leadership (US-based) now wants to move some of that work to a new global delivery center in India to be more cost effective, but I have doubts. The Brazil team is delivering good quality — is cost efficiency enough reason to relocate the work? What are the biggest pros/cons we need to consider?

Software Engineers often get pegged as the team that says “no” or “that’s impossible”. How do you maintain a strong and trusting relationship with the product team while continuing to reset their expectations?

What's the most important friction in deploying Robotic Process Automation (RPA) in your company?

Cost of RPA products25%

Lack of developers who can code RPA applications43%

Amount of customization needed to automate business processes27%

Lack of RPA code maintenance resources4%

View Results

Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

Sort by:

Content you might like

Does the SOX requirement for separation of duties impede security?

What are the fundamental leadership capabilities that are needed for an era of exponential technology and AI innovation?

Software Engineers often get pegged as the team that says “no” or “that’s impossible”. How do you maintain a strong and trusting relationship with the product team while continuing to reset their expectations?

What's the most important friction in deploying Robotic Process Automation (RPA) in your company?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Building Inclusion into DEI strategy: Insights from HR Leaders

How Do Cybersecurity Leaders Address Employee Burnout?

Building an Effective Executive Succession Plan

Software Engineering Teams Plan to Scale Up Productivity

Take Your Insights On-the-Go