CISO Tradecraft®

#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Jan 20, 2025

Dustin Lehr, a software engineer and expert in cybersecurity and application security, shares his insights on building security champions in development teams. He discusses the impact of culture change on security practices and the key differences between leadership and management. Learn about effective recruitment strategies for security champions and the importance of defining vision and goals. The conversation also explores the role of gamification to enhance engagement and motivation, providing actionable steps for a robust security champions program.

45:32

Creator website

Episode guests

Dustin Lehr

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Establishing security champions within development teams fosters a culture of security awareness, enhancing the organization's overall security posture through proactive practices.

Effective leadership and peer influence in security champion programs motivate developers to engage with security initiatives without requiring formal titles or mandates.

Deep dives

Creating Security Champions in Development Teams

Building a robust security culture within development teams involves establishing security champions—developers who advocate for and implement security best practices. These champions play a crucial role in fostering a culture of security awareness by identifying vulnerabilities and encouraging their peers to prioritize secure coding practices. Their motivation often stems from a desire to enhance the quality of software and to see changes within their development environment. Cultivating this role not only helps the developers to become proactive in addressing security issues but also strengthens the overall security posture of the organization.

Intro

3min

Navigating Leadership in Cybersecurity and AppSec Programs

3min

Empowering Security Champions in Tech

30min

Incorporating Gamification into Security Champions Programs

5min

Implementing and Maintaining a Security Champions Program

2min

Empowering Cybersecurity Through Champion Programs

3min

Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices.

Big Thanks to our Sponsors:

ZeroPath - https://zeropath.com/

CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH

Learn more about this topic by reading Justin's Website - https://securitychampionsuccessguide.org/

Justin Lehr's Company - https://www.katilyst.com/

Chapters

01:05 Meet Dustin Lair
04:05 Leadership vs. Management
06:17 The Role of Security Champions
17:20 Recruiting Security Champions
24:42 Exploring the Framework: Vision and Goals
26:25 Defining Participants and Their Roles
28:37 Understanding the Current Setting
33:27 Conceptualizing Ideal Actions
35:20 Designing with Gamification in Mind
40:30 Effective Delivery and Continuous Tuning
41:30 Overcoming Challenges and Final Thoughts

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CISO Tradecraft®

#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Creating Security Champions in Development Teams

The Importance of Leadership in Security Frameworks

Motivating Developers to Embrace Security Practices

Developing a Structured Approach to Security Champion Programs

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CISO Tradecraft®

#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Creating Security Champions in Development Teams

The Importance of Leadership in Security Frameworks

Motivating Developers to Embrace Security Practices

Developing a Structured Approach to Security Champion Programs

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights