We Hack Purple Podcast

We Hack Purple Podcast Episode 77 with Brendan Sheairs

June 14, 2023 Brendan Sheairs Season 3 Episode 77
We Hack Purple Podcast
We Hack Purple Podcast Episode 77 with Brendan Sheairs
Show Notes

In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;

  •       What the heck are security champions? Why would someone want them?

•    You need building blocks

◦                    Must haves: goals! Who will run it! What problem are they solving?

•    What is the business goal? Or objective? You need a justification to do this!

•    Getting buy in to be allowed to build a program

•    Having fewer bugs in production

•    Moral? Are they happier? Are they missing less work?

•    Biggest challenge, time commitment for champions, and then no one is allowed to work on it

•    You need top down buy in, but then the work happens bottom up

•    10% for champions, what does this mean? What can it look like?

•    Conflicts of interest or alignment with other important things like deadline and bonuses

•    Motivations: Career advancement and financial

•    Things we can do to motivate champions

•    What does a good program look like?

•    If someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart


Want More Brendan? Here you go!

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/

•    https://www.synopsys.com/blogs.html

•    https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop


Very special thanks to our sponsor!

Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. 

Get Your Free Trial Here! 


Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/). 

Join We Hack Purple!