Security Champions

Security Champions are a key element of an AppSec team, since they create a cross-functional team focused on Application Security.

What is a Security Champion?


 * Security Champions are active members of a team that may help to make decisions about when to engage the Security Team
 * Act as the "voice" of security for the given product or team
 * Assist in the triage of security bugs for their team or area

What do they do?

Build your own team of Security Champions: Security Champions Playbook
 * Actively participate in the AppSec JIRA and WIKI
 * Collaborate with other security champions
 * Review impact of 'breaking changes' made in other projects
 * Attend weekly meetings
 * Are the single point of contact for their assigned team
 * Ensure that security is not a blocker on active development or reviews
 * Assist in making security decisions for their team
   * Low-Moderate security impact
     * Empowered to make decisions
     * Document decisions made in bugs or wiki
   * High-Critical security impact
     * Work with AppSec team on mitigation strategies
 * Help with QA and Testing
   * Write Tests (from Unit Tests to Integration tests)
   * Help with development of CI (Continuous Integration) environments