Train your security champions with Avatao
Establishing security awareness and scaling security across your organization is not an easy task. However, with the help of security champions you can help ingrain security consciousness in all your teams. Read on to learn more about how to identify and train them!
Who are the security champions?
Security champions are usually developers who not only focus on shipping code fast, but who are very sensitive to bugs and potential security threats. They are one of those people who think outside of the box, and who think about scenarios that others don’t. A security champion is technically a liaison between developers and the security teams. They are part of the product team, while maintaining the hacker mindset and also relating to the daily job of security engineers.
Why do you need a security champions program?
• Security champions can become trusted consultants within the team who can answer the questions and concerns of other team members
• Security champions help maintain software quality and make sure that the shipped code is bug-free
• They can motivate team members and become security advocates
• Becoming a security champion can be a meaningful and rewarding career path
• Security champions provide a long-term benefit for the company as they essentially improve the security culture and help prevent breaches
How can you turn your developers into security champions?
Read our blog post in which we discuss how you can identify your security champions, and what steps you need to take in order to ignite a security champions program!
Build a security champions program with Avatao
- Have a security program in place
- Define what you expect from your security champions
- Assess your security status
1. Identify your security champions
- Organize a self-serve CTF with Avatao and identify the top achievers on the leaderboard. Look for the ones who are really engaged in the competition and are asking questions.
- Look at who is particularly active on the Avatao platform and learning outside of the mandatory courses.
- Look for people internally who regularly report security bugs or have taken security courses.
Once you’ve identified your champions, it’s very important to acknowledge them on a company-level. Communicate it to the development teams! Extra tip: if you are an international company, make sure you have security champions across all of your locations.
2. Engage security champions to give them the skills and tools they need
Make sure you create a separate team for them on the Avatao platform. This will help you assign them advanced trainings and follow their progress.
- Organize quarterly workshops with a learning path relevant to the technology or framework they use. Make sure to include real-life topics that are interesting and engaging, like recent security breaches.
- Give them a separate communication channel to discuss their learnings and best practices.
3. Empower security champions to engage their teams
Give your security champions space to incorporate this new role into their daily job.
- Listen to and incorporate their feedback to elevate security practices for everyone.
- Highlight their achievements on both a team and company-level.
Your CSM at Avatao is here to follow along with your program and help you progress!
Provide the right training
Security champions need to be familiar with the technology they are using on a much deeper level to be able to identify the root cause of bugs and anticipate any security issues that may arise when deploying the code. This is why security champions need to look beyond the fundamental issues of OWASP Top 10 and understand advanced topics like API security, cloud security, cryptography, DevSecOps or data privacy. With the help of Avatao you can provide the appropriate training for them!
Copyright © 2022 Avatao