It is important to understand that AppSec skills are not a key requirement to become a security champion. The essential quality is to want to become one.
I can make a good developer, who is interested and dedicated, into a good AppSec specialist in 6 months. If the developer is an expert in AppSec, then he should join the central AppSec team.
