On this episode of the CyberSpeak with InfoSec Institute podcast, Ty Sbano, head of security at Periscope Data, talks about spreading security awareness and building Security Champions in the world of DevOps.

In the podcast, Weller and host Chris Sienko discuss:

  • Why is National Cybersecurity Awareness Month, which just ended, so important? (1:35)
  • What are some of the security awareness highlights from the past month? (3:30)
  • What are OWASP’s Top 10 Most Critical Web Application Security Risks for 2018? (5:05)
  • How should DevOps integrate these issues and be on the lookout for them in day-to-day procedures? (7:10)
  • What is a Security Champion? (9:15)
  • What does a DevOps-based Security Champion do on a day-to-day basis? (11:40)
  • How do you initiate a Security Champion in a department where nobody wants to volunteer or feels they do not have the time? (13:55)
  • How does a Security Champion steer the ship as they see issues arise? (17:20)
  • Is there a cost to developing a Security Champion program? (20:30)
  • If you’re interested in becoming a Security Champion, how do you make the case to your organization that you’re a good candidate? (22:15)
  • Have you seen any examples of companies that have implemented other types of Security Champion programs beyond DevOps? (24:35)
  • How do you see security challenges changing in 2019? (26:10)

Want to learn more about Security Champions? Download the Gartner Report: Designing a Security Champion Program

You can watch a video version of the discussion below:

About CyberSpeak with InfoSec Institute

Get security awareness and IT training insight direct from the trenches in this weekly podcast hosted by InfoSec Institute’s Chris Sienko. Each week on CyberSpeak with InfoSec Institute, IT and security practitioners share their insights into a new topic, including security awareness, IT and security careers and keeping organizations safe from cybercrime.