Tanya Janca
Building Security Champions
#1 about 3 minutes
The challenge of scaling application security teams
Security teams are outnumbered by developers, creating a need to scale security efforts beyond just hiring more people.
#2 about 4 minutes
Defining the role of a security champion
A security champion is an enthusiastic team member who acts as a communicator, advocate, and first line of defense for security within their own team.
#3 about 7 minutes
Recruiting champions by attracting volunteers
Instead of forcing participation, attract passionate volunteers by creating opportunities for them to reveal their interest and always get their manager's approval.
#4 about 4 minutes
Engaging champions to build trust and involvement
Build trust and engagement by involving champions in security incidents, sharing appropriate information, and regularly checking in on their work.
#5 about 2 minutes
Teaching champions only what they need to know
Focus training on essential knowledge like secure coding, architecture, and internal policies to respect their time and maximize effectiveness.
#6 about 4 minutes
Recognizing and rewarding champions for their contributions
Acknowledge champions' work through public recognition, notes in performance reviews, and tangible rewards like training or conference access to make them feel valued.
#7 about 7 minutes
Maintaining program momentum through consistency
A security champions program requires consistent practice and communication to build and maintain a positive security culture, so you must not stop.
#8 about 4 minutes
Applying the security champion model in small businesses
In small businesses, integrate brief security and privacy topics into all-staff meetings and publicly praise employees who demonstrate good security practices.
#9 about 6 minutes
How employees can proactively become a champion
Employees interested in security can become champions by proactively reporting issues, offering help on security-related tasks, and consistently showing their interest to the security team.
#10 about 3 minutes
Preventing burnout among security champions
Prevent champion burnout by regularly checking on their workload, securing management buy-in for their time, and demonstrating the real-world impact of their security contributions.