SCN #8: Wrapping Up the Year: Our Holiday "Gifts" for Security Champions

Hello Security Champions!

Welcome to the final Security Champion Newsletter of the year! Let’s celebrate the season of giving by sharing meaningful knowledge and practical guidance to help you continue building, scaling, and improving security initiatives in your organization. 🎄🛡️ 

🎁 Unwrap the OWASP Security Champions Guidebook

"For those who love assembling the perfect puzzle."

If you’re looking to kickstart or refine your security champion program, consider the “OWASP Security Champions Guidebook” your how-to playbook. This ever-evolving resource provides a vendor-neutral, open-source roadmap, complete with customizable artifacts, insights from industry leaders, and guidance for long-term program maturity.

Why It’s Special:

  • Vendor-neutral advice, so it’s applicable no matter your environment.

  • Based on real-world interviews with program leaders, champions, and CISOs.

  • Features next-step recommendations as your team’s program matures.

Check it out below!

P.S. They’re inviting more participants to share their experiences. Consider giving back by contributing your story!

🔥 A Fireside Chat: Building a Proactive Security Culture Through Behavioral Science

"For those who enjoy the warmth of inspiration and practical guidance."

In this season of reflection, learn how small incentives and the right kind of rewards can spark big cultural shifts. Dustin Lehr’s conversation with Endor Labs navigates how principles of behavioral science can empower your security champions and development teams to make better, more proactive decisions. This is not just about tools - it’s about understanding human motivation and driving meaningful behavior change.

Key Takeaways:

  • Applying behavioral science to uplift security culture.

  • Using gamification and intrinsic motivators to keep developers engaged.

  • Techniques for getting started with a security champion program and sustaining it over time.

Listen while enjoying your favorite holiday treat, and share the insights with your team to kick off the new year with fresh perspectives.

🚶‍♀️ A Security Champion’s Journey: Lisi Hocke’s Story

"For those who believe in continuous learning and growth, one small step at a time."

Lisi Hocke shares her hands-on experience as a security champion embedded within a development team. From the earliest hurdles (outdated dependencies, noisy tooling) to strategic wins (cleaning up legacy code, setting priorities thoughtfully), her story is a testament to the power of incremental improvements and human connection.

You’ll Learn About:

  • Championing security from the inside: building trust, knowledge-sharing, and advocacy.

  • Practical steps to tackle common challenges like technical debt and continuous dependency updates.

  • The importance of a healthy security culture, collective effort, and steady progress.

🎄 More Gifts Under the Tree (Additional Resources):

  • Join the Conversation: Connect with peers who are forging new paths, experimenting with security solutions, and supporting one another’s growth. Communities like OWASP Slack, meetups like Let’s Talk Software Security, and online forums can be your year-round workshop of shared learning.

  • Resource Hub: Keep an eye on Katilyst’s website for upcoming blog posts, tools, and event announcements related to Security Champion programs.

  • Your Feedback: We want to keep improving. What worked for you this year? What would you like to see more of? Send us your thoughts (just hit reply), and help shape next year’s newsletters.

📆 Upcoming Events & Podcasts

  • ShmooCon

    ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.

    Washington, DC
    January 10-12, 2025

🎅 Wrapping Up the Year

As we close out December, we’re reminded that our community of security champions - across industries, time zones, and roles - has continuously supported each other’s growth. This holiday season, consider these resources our small token of gratitude. May they guide you, your champions, and your entire organization toward a safer, more secure new year.

From all of us at Katilyst: Happy Holidays, and here’s to building better, safer programs in 2025 and beyond!

Warmly,
The Katilyst Team