Marisa Fagan - Measuring Security Culture
Aug 5, 2025
Marisa Fagan, Head of Product at Katilyst and a security culture expert, shares her insights on building effective security champions programs. She emphasizes the importance of management buy-in and of using the SAPS model to motivate developers. Marisa discusses the common pitfalls that can derail initiatives and lays out a blueprint for a sustainable security culture. Topics include integrating privacy and accessibility programs, measuring success through key metrics, and fostering collaboration between development and security teams to strengthen overall security awareness.
Marisa's Security Career Journey
- Marisa Fagan detailed her journey from hacking community roots to managing security champion programs at giants like Facebook and Salesforce.
- She shared experiences of building programs that connect security and development teams to improve secure coding practices.
Run and Reset a Pilot Program
- Run a pilot with a small group, using a subset of your planned tactics over a shorter timeframe, to surface bugs and cultural-fit issues early.
- After the pilot, stop, reset, and then expand so that the champions program scales properly.
Use SAPS To Motivate Champions
- Motivate security champions using the SAPS model: Status, Access, Power, and Stuff.
- Use recognition and fair rewards rather than relying solely on budgeted incentives to encourage participation.