CISO Tradecraft®

#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Jan 20, 2025

Dustin Lehr, a software engineer and expert in cybersecurity and application security, shares his insights on building security champions in development teams. He discusses the impact of culture change on security practices and the key differences between leadership and management. Learn about effective recruitment strategies for security champions and the importance of defining vision and goals. The conversation also explores the role of gamification to enhance engagement and motivation, providing actionable steps for a robust security champions program.

45:32

Creator website

Episode guests

Dustin Lehr

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Establishing security champions within development teams fosters a culture of security awareness, enhancing the organization's overall security posture through proactive practices.

Effective leadership and peer influence in security champion programs motivate developers to engage with security initiatives without requiring formal titles or mandates.

Deep dives

Creating Security Champions in Development Teams

Building a robust security culture within development teams involves establishing security champions—developers who advocate for and implement security best practices. These champions play a crucial role in fostering a culture of security awareness by identifying vulnerabilities and encouraging their peers to prioritize secure coding practices. Their motivation often stems from a desire to enhance the quality of software and to see changes within their development environment. Cultivating this role not only helps the developers to become proactive in addressing security issues but also strengthens the overall security posture of the organization.

Intro

3min

Navigating Leadership in Cybersecurity and AppSec Programs

3min

Empowering Security Champions in Tech

30min

Incorporating Gamification into Security Champions Programs

5min

Implementing and Maintaining a Security Champions Program

2min

Empowering Cybersecurity Through Champion Programs

3min

Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices.

Big Thanks to our Sponsors:

ZeroPath - https://zeropath.com/

CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH

Learn more about this topic by reading Justin's Website - https://securitychampionsuccessguide.org/

Justin Lehr's Company - https://www.katilyst.com/

Chapters