Security Champions and Threat Modeling
Build a security champions program and facilitate STRIDE threat modeling workshops for dev teams.
What is a Security Champion?
A Security Champion is a developer or engineer embedded in a product team who acts as a security liaison. They are not a full security professional but have extra security training and advocate for security practices within their team.
The Security Champion Program
A champion program scales security knowledge across the organization:
- 1-2 champions per product team
- Regular training and security team meetings
- Champions are responsible for security reviews in their team
- Champions bridge communication between development and security teams
- The program reduces the bottleneck of centralized security reviews