On March 11, 2022, I guest-authored an article in TechTarget.
Application security is more important than ever, as apps remain one of the most common attack vectors for external breaches. Forrester’s latest “State of Application Security” report stated organizations are starting to recognize the importance of application security, and many have started embedding security practices more tightly into their development stages — a big step in the right direction.
It’s important to understand, however, that building a world-class application security program can’t happen overnight. A great deal of foundational work must be done before an organization can achieve results, including sharpening security processes around the software development lifecycle (SDLC) to identify, track and remediate vulnerabilities more efficiently. These efforts will eventually bring organizations to a high level of maturity.
Adoption of security in the SDLC is lacking in many organizations. The answer to this problem lies within an organization’s employee population. Companies should establish a security champions program, where certain employees are elected as security advocates and drivers of change.
To create a strong cybersecurity culture, security champions should be embedded throughout an entire organization. These individuals should have an above-average level of security interest or skill, with the goal of ultimately evangelizing and accelerating the adoption of a security-first culture — not only through software and application development, but throughout the organization.
Developing a security champions program doesn’t need to be complicated. This four-step process helps organizations establish their program with ease.
Read the full article here: https://www.techtarget.com/searchsecurity/post/How-to-build-a-security-champions-program