If you are a leader in a software development organization, you know your software is constantly under threat. Attacks can come from all angles: bad design, insecure third parties, poor code, misconfiguration, and the list goes on. As such, it is essential to have at least one, if not several, security champions dedicated to ensuring your software's security. These security champions are willing to take ownership of many security-related tasks and possess a deep understanding of security concepts. In this blog, we describe the attributes of a good security champion and how to spot one in your software development organization.

They have a solid knowledge of software security concepts.

Security champions are well-versed in the fundamentals, including the security of the software itself, the security of data processed by the software, and the security of communications with other systems over networks. They understand how these concepts relate to the software development lifecycle, and they can apply these concepts in practice.

To spot a security champion, look for individuals knowledgeable about security concepts beyond the basics. They should be aware of emerging security threats and best practices for addressing them. They should also know how to communicate these security concepts to others in a way that is easy to understand.

They are proactive.

A good security champion proactively identifies security risks in the process and takes steps to mitigate them. They aren't in the habit of waiting for security issues to arise; instead, they constantly monitor both the product for vulnerabilities and the process for absent or dangerous practices, and take steps to address them.

To spot a software security champion, look for individuals who seem to take ownership of security-related tasks without being prompted. They are willing to go above and beyond their job description to ensure your software's and your organization's security.

They are natural collaborators.

Security champions understand that ensuring software security is a team effort. They collaborate with others across the organization to identify and mitigate security risks. They work with developers, quality assurance, and operations teams to ensure security is integrated throughout the software development lifecycle.

To spot a security champion, look for individuals willing to work with others to ensure the security of software products. They should be able to communicate effectively with team members and stakeholders about security-related issues.

They like to learn.

Security is an ever-evolving field, and security champions understand the importance of continuous learning. They stay current on emerging security threats, new tools and technologies, and best practices for addressing and mitigating software security risks.

To spot a security champion, look for individuals constantly seeking to expand their knowledge of security concepts. They might attend conferences, read security-related publications, or even participate in hacking events. They get excited about building security skills in general. They should be willing, and maybe even eager, to share their knowledge with others in the organization.

They are passionate about what they do.

Finally, security champions are passionate about the software itself. To them, developing software is about delivering a complete package – a high-quality, effective piece of software that is both secure and works well.

To spot a security champion, look for individuals who demonstrate quality and care in their work every day. These are the people constantly talking about the customer's needs and experience. They show interest in creating high-quality, high-performing, scalable, secure software because they care.

Having good security champions in your organization will be essential not only for the security of your software products but for ensuring the long-term success of your security program. Their presence reduces time to market by minimizing rework while providing your customers with better quality, more secure software. They help reduce the burden on your security team and encourage development teams to think about security earlier in the development process.


About Jason Shepard, Product Marketing Manager

Jason Shepard is a Product Marketing Manager at Security Innovation. A Seattle sports enthusiast, he considers the Mariners, Seahawks and University of Washington Huskies as his primary pastimes. He also drives Uber for fun on the weekends.