Sign up to save your podcasts
Or
Share We Hack Purple Podcast Episode 77 with Brendan Sheairs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
We Hack Purple Podcast Episode 77 with Brendan Sheairs
In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;
• What the heck are security champions? Why would someone want them?
• You need building blocks
◦ Must haves: goals! Who will run it! What problem are they solving?
• What is the business goal? Or objective? You need a justification to do this!
• Getting buy in to be allowed to build a program
• Having fewer bugs in production
• Moral? Are they happier? Are they missing less work?
• Biggest challenge, time commitment for champions, and then no one is allowed to work on it
• You need top down buy in, but then the work happens bottom up
• 10% for champions, what does this mean? What can it look like?
• Conflicts of interest or alignment with other important things like deadline and bonuses
• Motivations: Career advancement and financial
• Things we can do to motivate champions
• What does a good program look like?
• If someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart
Want More Brendan? Here you go!
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/
• https://www.synopsys.com/blogs.html
• https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop
Very special thanks to our sponsor!
Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable.
Get Your Free Trial Here!
https://semgrep.dev/products/semgrep-supply-chain
Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/).
Join We Hack Purple!
View all episodes
By We Hack Purple!
4.9
1414 ratings
In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;
• What the heck are security champions? Why would someone want them?
• You need building blocks
◦ Must haves: goals! Who will run it! What problem are they solving?
• What is the business goal? Or objective? You need a justification to do this!
• Getting buy in to be allowed to build a program
• Having fewer bugs in production
• Moral? Are they happier? Are they missing less work?
• Biggest challenge, time commitment for champions, and then no one is allowed to work on it
• You need top down buy in, but then the work happens bottom up
• 10% for champions, what does this mean? What can it look like?
• Conflicts of interest or alignment with other important things like deadline and bonuses
• Motivations: Career advancement and financial
• Things we can do to motivate champions
• What does a good program look like?
• If someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart
Want More Brendan? Here you go!
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/
• https://www.synopsys.com/blogs.html
• https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/
• https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop
Very special thanks to our sponsor!
Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable.
Get Your Free Trial Here!
https://semgrep.dev/products/semgrep-supply-chain
Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/).
Join We Hack Purple!
More shows like We Hack Purple Podcast
View all
Hacked
183 Listeners
The Changelog: Software Development, Open Source
290 Listeners
Grumpy Old Geeks
6,021 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,019 Listeners
Soft Skills Engineering
283 Listeners
The Application Security Podcast
36 Listeners
Smashing Security
322 Listeners
Malicious Life
930 Listeners
Darknet Diaries
8,012 Listeners
Hacking Humans
314 Listeners
Unsupervised Learning
136 Listeners
Cyber Security Headlines
134 Listeners
Risky Bulletin
44 Listeners