Any tips for establishing a security champions program for the software team? If you’ve done this, did you run into any internal pushback or skepticism?

210 views, 2 comments
Director of Global Information Cyber Security in Manufacturing, 7 days ago

Executive support and buy-in. It helps to have clearly defined roles.

Director of Engineering, 7 days ago

We established a Product Security champion for the entire company first. This person, for us, sits in IT within the Infrastructure Security and Risk Management group.
Then every division has its own champions and sponsors. Since my team is very large, I have appointed two champions to create a backup. This was done by asking my leaders, including lead architects, for nominations.
The team finds it very easy to communicate via our champions to the Company Champion.

Initially it looked like asking the IT security champion, or working via him, was very cumbersome, but now, after a couple of years, it seems great to have a non-partisan person help make decisions. They helped create an SOP on how we include security in the product (Secure Product Development Process). With them in the driver's seat, it helped get it done, and everyone does it. They are also responsible for security toolsets. He holds monthly meetings to review the dashboards and convey anything new he is hearing.
Quarterly, the sponsors are invited to share the individual division dashboards.
