
TechTarget: How to Build a Security Champions Program

On March 11, 2022, Nabil Hannan guest-authored a TechTarget article titled "How to Build a Security Champions Program." Preview the article below, or read the full article online here.

+ + +

Application security is more important than ever, as apps remain one of the most common attack vectors for external breaches. Forrester’s latest “State of Application Security” report stated organizations are starting to recognize the importance of application security, and many have started embedding security practices more tightly into their development stages — a big step in the right direction.

It’s important to understand, however, that building a world-class application security program can’t happen overnight. A great deal of foundational work must be done before an organization can achieve results, including sharpening security processes around the software development lifecycle (SDLC) to identify, track and remediate vulnerabilities more efficiently. These efforts will eventually bring organizations to a high level of maturity.

Adoption of security in the SDLC is lacking in many organizations. The answer to this problem lies within an organization’s employee population. Companies should establish a security champions program, where certain employees are elected as security advocates and drivers of change.

To create a strong cybersecurity culture, security champions should be embedded throughout an entire organization. These individuals should have an above-average level of security interest or skill, with the goal of ultimately evangelizing and accelerating the adoption of a security-first culture — not only through software and application development, but throughout the organization.

Developing a security champions program doesn’t need to be complicated. This four-step process helps organizations establish their program with ease.

Continue reading How to Build a Security Champions Program on TechTarget.
