‹ All episodes

We Hack Purple Podcast

We Hack Purple Podcast Episode 77 with Brendan Sheairs

June 14, 2023 Brendan Sheairs Season 3 Episode 77
We Hack Purple Podcast
We Hack Purple Podcast Episode 77 with Brendan Sheairs
Info
We Hack Purple Podcast
We Hack Purple Podcast Episode 77 with Brendan Sheairs
Jun 14, 2023 Season 3 Episode 77
Brendan Sheairs

In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;

  •       What the heck are security champions? Why would someone want them?

•    You need building blocks

◦                    Must haves: goals! Who will run it! What problem are they solving?

•    What is the business goal? Or objective? You need a justification to do this!

•    Getting buy in to be allowed to build a program

•    Having fewer bugs in production

•    Moral? Are they happier? Are they missing less work?

•    Biggest challenge, time commitment for champions, and then no one is allowed to work on it

•    You need top down buy in, but then the work happens bottom up

•    10% for champions, what does this mean? What can it look like?

•    Conflicts of interest or alignment with other important things like deadline and bonuses

•    Motivations: Career advancement and financial

•    Things we can do to motivate champions

•    What does a good program look like?

•    If someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart

 

Want More Brendan? Here you go!

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/

•    https://www.synopsys.com/blogs.html

•    https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop

 

Very special thanks to our sponsor!

Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. 

Get Your Free Trial Here! 

https://semgrep.dev/products/semgrep-supply-chain

Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/). 

Join We Hack Purple!

Share
Apple Podcasts Spotify Amazon Music Overcast Stitcher iHeartRadio +
Show Notes

In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;

  •       What the heck are security champions? Why would someone want them?

•    You need building blocks

◦                    Must haves: goals! Who will run it! What problem are they solving?

•    What is the business goal? Or objective? You need a justification to do this!

•    Getting buy in to be allowed to build a program

•    Having fewer bugs in production

•    Moral? Are they happier? Are they missing less work?

•    Biggest challenge, time commitment for champions, and then no one is allowed to work on it

•    You need top down buy in, but then the work happens bottom up

•    10% for champions, what does this mean? What can it look like?

•    Conflicts of interest or alignment with other important things like deadline and bonuses

•    Motivations: Career advancement and financial

•    Things we can do to motivate champions

•    What does a good program look like?

•    If someone leading the program? Someone needs to be responsible for the program, or it will, for sure, fall apart

 

Want More Brendan? Here you go!

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7064622406937538560-bR59/

•    https://www.synopsys.com/blogs.html

•    https://www.linkedin.com/feed/update/urn:li:activity:7067122079698931714/

•    https://www.linkedin.com/posts/brendan-sheairs_securitychampions-securitychampions-cybersecurity-activity-7051901776257503232--Az7?utm_source=share&utm_medium=member_desktop

 

Very special thanks to our sponsor!

Semgrep Supply Chain’s reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. 

Get Your Free Trial Here! 

https://semgrep.dev/products/semgrep-supply-chain

Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers additional community created ruleset! Check out Semgrep Code HERE (https://semgrep.dev/products/semgrep-code/). 

Join We Hack Purple!