User day

OWASP Top 10 Maturity Categories for Security Champions

generic avatar

Lucian Corlan

Director Application Security


You have heard of this term - Security Champions or was it Satellites (that sounds weird..)? But what are they really? Is it a good idea? How many companies are doing this? OpenSAMM mentions Security Champions throughout the model document from identifying the champions to having them contribute to the various phases of the SDLC. How do we measure and recognise that contribution? If you’re convinced it needs to be done, how do you manage a Security Champions programme (at scale)? What methods and tools exist? This presentation is introducing the new OWASP Top 10 Maturity Categories for Security Champions - method and tool.

Speaker bio

Lucian is Director of Application Security at Sage. Lucian holds a number of security certifications – MSc ITSec, MA Security Studies, CISSP, CSSLP (a), CISM, CISA, CEH, OSCP, SABSA Foundation and has previously worked in InfoSec/AppSec roles for a total of 15 years. Lucian has also led one of the Romanian OWASP Chapters and is a member of OWASP.