Sunday 18 January 2015

Does your team have a Security Champion? If not, get this Mug and Library

If your dev team doesn't have an assigned security team champion, get one of these Mugs :)

Basically that 'Security Expert' Mug should represent the fact that at the moment when a developer has an Application Security question, he might as well ask the dude on that Mug for help :)

I also like that it reinforces the idea that, for most developer teams, just having somebody assigned to application security is already a massive step forward!!

Basically, we have such a skill shortage in our industry for application security devs that 'if you have a heart-beat you qualify'.

Who are these guys? The Microsoft Agile SDL describes them as Team Champions, who should have these roles:

In addition to the Mug, another big asset to add to the dev team is a library of books that looks like this:

Nothing beats books for knowledge, and there are LOTS of great books out there. The question is: do developers have easy access to them?