Five best moments from [10-15-21] “Hacking Security Champions” – CISO Series Video Chat

Here are five of our best moments from CISO Series Video Chat: “Hacking Security Champions: An hour of critical thinking about how to turn non-security people into security leaders.”

Our guests for this discussion were:

HUGE thanks to our sponsor Snyk

Best Bad Idea (What not to say to a security champion)

Congrats to Kevin Hakanson, sr. solutions architect, AWS, for winning this week's Best Bad Idea!

Other honorable mentions go to:

“Read this 999 page manual to understand secure coding” – Magno Logan, information security specialist and senior threat researcher, Trend Micro

“Where did you learn how to code?” – Magno Logan, information security specialist and senior threat researcher, Trend Micro

“This is going to hurt me more than it hurts you.” – Dutch Schwartz, principal security specialist, AWS

“If you do not help, you will have a meeting with legal.” – Mathew Biby, CISO, Satcom Direct

Ten percent better

“Empower your champions to have negotiation room so they can approve/support initiatives appropriately.” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Involve your security champions when developing enhanced security practices/processes and in tech/tool selection. Give them buy-in to the process.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“Do mini coding camps where Devs teach Security folks. That way they have more understanding and appreciation for how they work.” – Dutch Schwartz, principal security specialist, AWS

“Grow your Security Champion program outside of the IT department. Involve the other departments that are processing sensitive data — PII/PHI, financial info, etc.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“At the next town hall, analyze a breach which made the headlines and show by example how the security champion team has helped avoid this happening at our organization.” – Roland Mueller, self-employed

Quotes from the chat room

“Measure how teams are interacting, that is key because people and departments are hard to engage.” – Tom Coffy, senior security analyst / information security office, University of Tennessee

“Individual or social recognition are good ways to reward.” – Mathew Biby, CISO, Satcom Direct

“Attaching before-and-after vulnerability assessment results to champion efforts can also shine a positive spotlight on those people.” – Russ Harland, global IT security architect, Munters

“Ideally the security champion is modeling to their teams proper expectations and diligence.” – Mathew Biby, CISO, Satcom Direct