#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices.

Big Thanks to our Sponsors:

ZeroPath - https://zeropath.com/

CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH

Learn more about this topic by reading Justin's Website - https://securitychampionsuccessguide.org/

Justin Lehr's Company - https://www.katilyst.com/

Chapters

• 01:05 Meet Dustin Lair
• 04:05 Leadership vs. Management
• 06:17 The Role of Security Champions
• 17:20 Recruiting Security Champions
• 24:42 Exploring the Framework: Vision and Goals
• 26:25 Defining Participants and Their Roles
• 28:37 Understanding the Current Setting
• 33:27 Conceptualizing Ideal Actions
• 35:20 Designing with Gamification in Mind
• 40:30 Effective Delivery and Continuous Tuning
• 41:30 Overcoming Challenges and Final Thoughts