Podcast: We Hack Purple Podcast
Episode:

We Hack Purple Podcast Episode 77 with Brendan Sheairs

Category: Technology
Duration: 00:40:58
Publish Date: 2023-06-14 22:00:00
Description:

In episode 77 of the We Hack Purple Podcast, host Tanya Janca chats with Brendan Sheairs about her latest obsession: security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including:

• What the heck are security champions? Why would someone want them?
• You need building blocks
  ◦ Must haves: goals! Who will run it? What problem are they solving?
• What is the business goal or objective? You need a justification to do this!
• Getting buy-in to be allowed to build a program
• Having fewer bugs in production
• Morale? Are they happier? Are they missing less work?
• Biggest challenge: the time commitment for champions, and then no one is allowed to work on it
• You need top-down buy-in, but then the work happens bottom-up
• 10% for champions: what does this mean? What can it look like?
• Conflicts of interest or alignment with other important things like deadlines and bonuses
• Motivations: career advancement and financial
• Things we can do to motivate champions
• What does a good program look like?
• Is someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart

Want more Brendan? Here you go!

• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/
• https://www.synopsys.com/blogs.html
• https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop

Very special thanks to our sponsor!

Semgrep Supply Chain's reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable.

Get Your Free Trial Here! 

https://semgrep.dev/products/semgrep-supply-chain

Semgrep also makes a ludicrously fast static analysis tool. They have a free and a paid version of this tool, which uses an open-source engine and offers additional community-created rulesets! Check out Semgrep Code here: https://semgrep.dev/products/semgrep-code/
