We Hack Purple Podcast Episode 77 with Brendan Sheairs
In episode 77 of the We Hack Purple Podcast, host Tanya Janca chats with Brendan Sheairs about her latest obsession: security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including:
• What the heck are security champions? Why would someone want them?
• You need building blocks
◦ Must haves: goals! Who will run it! What problem are they solving?
• What is the business goal? Or objective? You need a justification to do this!
• Getting buy-in to be allowed to build a program
• Having fewer bugs in production
• Morale? Are they happier? Are they missing less work?
• Biggest challenge: the time commitment for champions, and then no one is allowed to work on it
• You need top-down buy-in, but then the work happens bottom-up
• 10% for champions, what does this mean? What can it look like?
• Conflicts of interest or alignment with other important things like deadlines and bonuses
• Motivations: Career advancement and financial
• Things we can do to motivate champions
• What does a good program look like?
• Is someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart
Want More Brendan? Here you go!
• https://www.synopsys.com/blogs.html
• https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/
Very special thanks to our sponsor!
Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable.
Semgrep also makes a ludicrously fast static analysis tool. They have a free and a paid version of this tool, which uses an open-source engine and offers additional community-created rulesets! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/).
Join We Hack Purple!