A reminder: The OWASP Security Champions Guide has 10 Principles to shape developer-centric security programs:

1. Be passionate about security
2. Start with a clear vision for your program
3. Secure management support
4. Nominate a dedicated captain
5. Trust your champions
6. Create a community
7. Promote knowledge sharing
8. Reward responsibility
9. Invest in your champions
10. Anticipate personnel changes

Each one of these principles has examples and artifacts for you to use to tailor your own security champion program to the security culture of your organization. These principles come from industry practitioners who have built these programs and shared their lessons learned. Please reach out and let us know if you use these concepts and could contribute more examples back to the guide!

Foregoing, you can expect some exciting new formats and news by us. As a community, we aim to make you best equipped for building up your program and strive towards the goal to have security champions making the world run more secure!

#OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
OWASP Security Champions Guide
Computer and Network Security
We created an open-source, vendor-neutral guidebook to help you build your successful Security Champion program.
About us

Welcome to the home of the OWASP Security Champions Guide Project! Our goal is to create an open-source, vendor-neutral guidebook for AppSec professionals to help them build and improve their own successful Security Champion programs. One size will not fit all – so this playbook is designed for you to pick and choose the elements your organization can adopt or leverage to create your own customized program.

We will provide customizable artifacts that can be used to start or improve your program. It doesn’t stop there! As your program matures, the playbook will provide you with next steps and new factors for consideration to further empower your program and your champions.

To make this happen, our project team is interviewing security leaders, program coordinators, and security champions to establish what makes a successful program. Participants represent a range of company sizes, industries, geographies, and also different levels of security program maturity. We want to know what works, what doesn’t work, what promotes success, and what leads to failure.

We are looking for more participants to take part in this exciting project. Whatever your experience of Security Champions programs – good or bad – we want to hear from you!
- Website: https://owasp.org/www-project-security-champions-guidebook/
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Type: Nonprofit
Updates
-
Do you really know the security culture of your organization? Security Champions communities are the best way to get a real understanding of how much the expected security behavior differentiates from the actually lived security culture. And, it may give you a perspective on what your current security program completely misses out.

This was one of the topics that was discussed as part of the workshop held at the OWASP Germany Days with a very active crowd of participants. What united us was the ambition to build a sustainable security culture within organizations. The energy in the room was inspiring, and despite a little chill in the air (thanks to a heating issue), the discussions were warm, insightful, and full of great questions. The collaborative exchange of ideas and experiences truly stood out, and it was exciting to see the group diving into the challenges and opportunities of building a security champions program, and learn from the members about the setup and challenges within their organization.

We’re already planning follow-up sessions to take things further, with deep dives into specific topics to keep building on this momentum. A big thank you to everyone who joined and contributed to this event! Stay tuned for more updates – this is just the beginning!

Marisa Fagan, Juliane Reimann, Michael V., Michael Bernhardt

#OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
-
Don't miss out on this: OWASP Security Champions Guide on upcoming German OWASP Days, November 12th-13th

Are you interested in building up or advancing your Security Champions program? Do you have the chance to be in Germany/Leipzig next week? Don't miss out on the following 2 agenda items:

- The talk by Diana C. on the strategy for creating a Security Champions program: https://lnkd.in/e9XVVbQ9
- The workshop by Juliane Reimann and Michael Bernhardt with direct community insights, hands-on tools and experiences for starting your Security Champions programs: https://lnkd.in/eGFcxekN

Hope to see you there!

#OWASP #GermanOWASPDays #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness #CyberSecurity
-
Do you want to learn about where the idea for establishing the OWASP Security Champions Guide community derived from? Hear from Irfaan Santoe, as one of the project leads, what gave it the spark and what was the mindset that went into it. https://lnkd.in/eQ-cT3fk #OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
New Episode Alert! In this episode of The Security Champions Podcast, Irfaan Santoe, leader of OWASP Netherlands chapter and creator of the OWASP Security Champions Program Guide, joined. Irfaan dives into the motivation behind the OWASP project, what makes the program guide unique, how security champions drive real change, and much more!

Tune in: https://hubs.ly/Q02S-LxR0

#TheSecurityChampionsPodcast #appsec #DevOps #securitychampions #cybersecurity #podcast

Podcast Host: Michael Burch
-
Are you interested in #securitychampions programs? Are you in the Bay Area? Take the chance to drop by OWASP AppSec in San Francisco! Find enclosed a list of talks related to the topic:

- September 25 - OWASP SAMM User Day - talk “Security Champions - An OWASP SAMM Level Booster” by Dustin Lehr

  One necessary step toward change is finding allies who can become advocates for the change you are pursuing, and the concept of “security champions” is a well-known and widely used model in application security. In this talk, I’ll provide tips and tricks for how to motivate your champions to get involved in the context of the OWASP SAMM.

- September 26-27 - OWASP AppSec Global - talk “Who Hurt You? Earning the trust of developers” by Tanya Janca

  The security team plays a vital role in improving the security posture of an organization. However, it is equally important that the software developers contribute to securing all of the applications their organization creates and maintains. If there is an absence of trust and buy-in between security professionals and developers, it can hinder progress, create vulnerabilities, and limit growth within organizations. In this thought-provoking talk, we look at the reasons behind a lack of trust and explore the importance of establishing buy-in and trust for success.

- September 26-27 - OWASP AppSec Global - talk “From Hype to Reality: The Broken State of DevSecOps and Its Maturity Model” by Eitan Worcel and Dustin Lehr

  By empowering security champions with meaningful responsibilities and integrating advanced technologies for automated and proactive security measures, we can transform the theoretical promises of DevSecOps into a practical framework that genuinely addresses and fixes security vulnerabilities.

Also, we as OWASP Security Champions Guide Community are present with our fellow member Marisa Fagan. Feel free to send us a DM or use the possibility to meet up.
#OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
-
More food for thought from the OWASP Security Champions Guide! Today we want to focus on the communication skills of Security Champions. As they take on a crucial role in spreading the message of cyber security in their teams, good communication skills are as important as technical knowledge. Read more about that in our new knowledge article and share your thoughts and experiences. #OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
-
Why Security Matters: A Must-Have Investment

In today's interconnected world, strong security is essential for protecting your data, reputation, and operations. Learn why neglecting security can lead to costly consequences and how investing in it can create a more resilient and sustainable future.

Key takeaways:

- The financial, reputational, and legal risks of weak security.
- Essential security priorities for organizations.
- The power of a security champion program in fostering a security-conscious culture.

#security #cybersecurity #riskmanagement #businesscontinuity #securitychampion
Why Security Matters: A Must-Have Investment
OWASP Security Champions Guide, published on LinkedIn
-
Make Your Mark by Sharing Your Successful Security Champion Campaigns!

Does your organization excel at engaging Security Champions, recognizing achievements, or communicating program goals? Let’s spread the knowledge! We’re seeking communication plans, recognition artifacts, success stories, and other resources that make security programs thrive.

Examples of Artifacts We Need:

- Communication Plans: Strategies for engaging champions and stakeholders.
- Recognition Artifacts: Certificates, awards, or incentive ideas.
- Success Stories & Case Studies: Stories that showcase impactful initiatives.

Note: All submissions will be carefully anonymized to remove any company-specific identifiers.

Why Contribute?

- Inspire other teams with your successful strategies.
- Be recognized as a leader in the security community!

How You Can Help:

1. Donate your engagement and recognition materials.
2. Share your story through a quick interview.

Be part of something bigger—help others build strong Security Champions programs! Reach out in the comments or DM us to contribute.

#OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
-
OWASP Security Champions Guide reposted this
The OWASP Security Champions Guide is actively building a knowledge base for hot topics around how to start, maintain and grow a Security Champions Program. In this article we are starting with one of the very first questions: What is a Security Champion and what can this role look like? Check it out and let us know your thoughts and experiences. #OWASP #SecurityChampions #OWASPSecurityChampionsGuide #appsec #securityculture #securityawareness
Security Champion? What’s That and Can I Eat It?
OWASP Security Champions Guide, published on LinkedIn