SCN #3: Finding Your Allies

Building Bridges in Support of Your Champion Program

Greetings!

Welcome once again to the Security Champion Newsletter, brought to you by Katilyst - your source for information related to launching and scaling security culture initiatives!

In this week’s issue, we’re focusing on the importance of finding allies in building your Security Champion program. When launching a champion program, we always recommend that our clients seek aid from their networks. This includes building a steering committee for their program, attracting leadership support, and looking externally to the many supportive communities that exist in the security industry. In order to help you with finding your champion program allies, we’ve packed this newsletter with some great resources:

Now, before diving into how to find help in building a security culture program, let’s remember what happens when we try to do everything on our own:

Don’t be like Mona - Find your allies! 😆 

🔦 Security Champion Resource Spotlight

In your journey to find help in building a Security Champion program, we begin by recommending that you check out this week’s Resource Spotlight, featuring the OWASP Security Champions Guide!

The OWASP Security Champions Guide

OWASP created this project to serve as an open-source, vendor-neutral guidebook for AppSec professionals, helping them build and improve their own successful Security Champion programs. The project is already in-flight, beginning with their Security Champion Manifesto and soon to include other assets to support programs of all shapes and sizes! Quoting the guidebook:

“We will provide customizable artifacts that can be used to start or improve your program. It doesn’t stop there! As your program matures, the playbook will provide you with next steps and new factors for consideration to further empower your program and your champions.”

OWASP Security Champions Guide

Be sure to bookmark this project and keep up to date on changes to the guidebook over time. If you’re inclined, you can also reach out to OWASP to join the project as a contributor, sharing your Security Champion program learnings with the entire OWASP community!

🔐 Security Community Focus

Our first-ever Community Focus features the Let’s Talk Software Security Meetup group! They’re an online group with over 2,000 members, each dedicated to generating new and innovative ideas for building high-quality and secure software. Every month, the community meets in an "open discussion" format to share ideas and support each other as they tackle the difficult mission of information security culture change! In fact, just a couple of months ago the community met to discuss Security Champion programs and how to make them successful!

If you’re not already a part of this community, we highly recommend checking them out. When looking for allies to help give feedback on your security champion program (or other security initiatives), this group is full of individuals who just want to help. The group features a vibrant and active Slack community, with channels dedicated to a variety of security culture topics, where you can find the support you need!

🕹️ Game Time 

Perhaps you could all use a break to play a classic game of Tetris!!!

(Game does include a short ad to launch)

📺️ Content Corner

Keeping with our theme of “Finding Your Allies”, this week’s Content Corner features Katilyst’s own Marisa Fagan, Head of Product, speaking with the Security Weekly Podcast on building successful Security Champion programs. Marisa delves into the importance of gaining support from senior leadership, convincing stakeholders to support the security champion program initiative from the start:

“When you come to your executive to sell this to them, you talk about how this has become an industry best practice… a lot of independent people are coming out with resources in order to make this a legitimate practice with a lot of value.”

Marisa Fagan - Katilyst’s Head of Product

📆 Upcoming Events

(More events coming as we look at the conference calendar for October - December!)

As always, we thank you for taking the time to read this week’s edition of the Security Champion Newsletter! We invite you all to share this newsletter with anyone who you believe may need help with their security culture program. See you soon! 👋