Skip to content

c0rdis/security-champions-playbook

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Mentioned in Awesome DevSecOps

Intro

Security Champions Playbook is a project started in preparation for the presentation "Security Champions 2.0" at OWASP Bucharest AppSec Conference 2017. It describes the main steps for fast establishment of a Security Champions program regardless of the company size and maturity of the existing security processes.

Who are the Security Champions?

Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of security assurance process within the product or service, and hold the role of the Single Point of Contact (SPOC) within the team.

What benefits do Champions bring to my company?

Main advantages of having a team of Security Champions:

  • Scaling security through multiple teams
  • Engaging "non-security" folks
  • Establishing the security culture

Security Champions Playbook

To keep it simple, I've listed six easy-to-follow steps with clarifications for each step. Chapters include general recommendations, links to known good sources as well as personal experience. I will be happy to hear your feedback and update the playbook. Current version:


Simplified diagram

alt text