From Rogue One to Rebel Alliance - Building Developers into Security Champions

Discover how to transform developers into security champions in this 44-minute conference talk from OWASP AppSec EU 2018. Learn strategies for building a scalable security program with limited resources, including how to identify and recruit potential champions, provide effective training, and measure success. Explore techniques for integrating security into Agile and DevOps processes, addressing challenges such as lack of knowledge and accountability. Gain insights on creating job descriptions, establishing code review practices, and implementing defensive rewards. Understand the importance of security grooming and how to navigate high employee turnover in startup environments. Equip yourself with practical tools to build a robust security team from within your development ranks and effectively combat cybercrime.

Intro
Overview
Applications
Security Champions
AppSect Leaders
Red Team
Agile Process
Testing
The Problem
Lack of Knowledge
Lack of Accountability
Job Description
Recruiting Your Team
Dont Overload Current Jobs
Training
Grooming Guidelines
Code Reviewing
Limits
Defensive Rewards
Understanding the Process
Conclusion
High employee turnover
Start up limited resource environment
Security grooming
Who should be a Security Champion
Who should be accountable