How to Become Your Own Security Champion

In the last year, you may have heard the term “security champion” and wondered if this was a specific job or just another buzzword. In this article, we’ll talk about what a Security Champion is, what they do and how to become one.

What Is a Security Champion and What Do They Do?

The primary purpose of a Security Champion is to help incorporate good security practices and a strong security culture into all aspects of a company’s daily operations and development processes. A Security Champion is a member of a team who takes on the responsibility of acting as the primary advocate for security within the team and as the team’s first line of defense against security issues.

In day-to-day operations, a team’s Security Champion is the individual responsible for leading all security-related activities. This includes reacting to identified security incidents, taking proactive steps to help prevent future security incidents from occurring, and spearheading efforts to improve the security posture of the team and the organization as a whole.

The Security Champion on a team is expected to lead efforts to identify and remediate bugs and vulnerabilities in the product and development processes of their team. This includes identifying, triaging and remediating security incidents. If the issue can be handled within the team, the Security Champion should design, implement, and document the mitigation strategy. If escalation to the organizational Security Team is necessary, the Security Champion should make the initial contact and act as the primary point of communication between their team and the Security Team throughout the process.

Security Champions should also lead their team in preventing security incidents from occurring. This can include developing security-focused user stories for teams using agile development strategies and developing (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/IsQtnlfi97k/