Here are five of our best moments from CISO Series Video Chat: “Hacking Security Champions: An hour of critical thinking about how to turn non-security people into security leaders.”
Our guests for this discussion were:
- Simon Maple (@sjmaple), field CTO, Snyk
- Matthew Southworth (@bronx), CISO, Priceline
HUGE thanks to our sponsor Snyk
Best Bad Idea (What not to say to a security champion)

Congrats to Kevin Hakanson, sr. solutions architect, AWS, for winning this week's Best Bad Idea!
Other honorable mentions go to:
“Read this 999 page manual to understand secure coding” – Magno Logan, information security specialist and senior threat researcher, Trend Micro
“Where did you learn how to code?” – Magno Logan, information security specialist and senior threat researcher, Trend Micro
“This is going to hurt me more than it hurts you.” – Dutch Schwartz, principal security specialist, AWS
“If you do not help, you will have a meeting with legal.” – Mathew Biby, CISO, Satcom Direct
Ten percent better
“Empower your champions to have negotiation room so they can approve/support initiatives appropriately.” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology
“Involve your security champions when developing enhanced security practices/processes and in tech/tool selection. Give them buy-in to the process.” – Jonathan Waldrop, senior director, cyber security, Insight Global
“Do mini coding camps where Devs teach Security folks. That way they have more understanding and appreciation for how they work.” – Dutch Schwartz, principal security specialist, AWS
“Grow your Security Champion program outside of the IT department. Involve the other departments that are processing sensitive data — PII/PHI, financial info, etc.” – Jonathan Waldrop, senior director, cyber security, Insight Global
“At the next town hall, analyze a breach which made the headlines and show by example how the security champion team has helped avoid this happening at our organization.” – Roland Mueller, self-employed
Quotes from the chat room
“Measure how teams are interacting, that is key because people and departments are hard to engage.” – Tom Coffy, senior security analyst / information security office, University of Tennessee
“Individual or social recognition are good ways to reward.” – Mathew Biby, CISO, Satcom Direct
“Attaching before-and-after vulnerability assessment results to champion efforts can also shine a positive spotlight on those people.” – Russ Harland, global IT security architect, Munters
“Ideally the security champion is modeling to their teams proper expectations and diligence.” – Mathew Biby, CISO, Satcom Direct