User day

Security Champions: An OWASP SAMM Level Booster!


Dustin Lehr



Katilyst
Co-founder, Chief Product and Technology Officer

Abstract

Measuring the software security posture of your company using OWASP’s Software Assurance Maturity Model is a tried-and-true method for identifying strengths as well as gaps and opportunities in strategy and approach, but once these opportunities are identified… HOW should they be addressed? At that point, the conversation is about CHANGE… changing your culture, engineering habits, processes, and ultimately winning hearts and minds to the cause of maturing your security posture.

So, what are the best and most effective ways to pursue the CHANGE at your organization?
One necessary step toward change is finding allies who can become advocates for the change you are pursuing, and the concept of “security champions” is a well-known and widely used model in application security. In this talk, I’ll provide tips and tricks for how to motivate your champions to get involved in the context of the OWASP SAMM.

We’ll discuss:

  • How can an effective security champion program become a force multiplier of security culture change?
  • What specific practices of the SAMM can an effective champions program assist in maturing?
  • What can we learn from behavioral science to better understand human motivation to inspire your colleagues to take action?

Speaker bio

Dustin Lehr is an accomplished software engineer turned executive cybersecurity leader who designs security programs that reinforce proactive behavior to avoid security incidents. He is the Co-founder and Chief Product and Technology Officer at Katilyst, a company dedicated to helping organizations enhance their culture by building engaging security champion programs. Dustin is also the driving force behind the Security Champion Program Success Guide and possesses a wealth of experience in application security, providing innovative coaching and consulting services. In addition, he is a prominent community thought leader, speaker, and founder of the “Let’s Talk Software Security” monthly open discussion meetup group.