On this episode of the CyberSpeak with InfoSec Institute podcast, Jeff Williams, co-founder of Contrast Security and co-founder and major contributor to OWASP, discusses the concept of Security Champions and the ways that having a Security Champion in your company can steer thinking and action towards safer practices.

In the podcast, Williams and host Chris Sienko discuss:

  • How old were you when you first got interested in tech and security? (1:45)
  • How did you get into the security industry and how has it changed? (2:55)
  • How did you come to found OWASP? (4:05)
  • How did you determine the original OWASP top 10 list? (7:00)
  • Why do you feel we’re not making progress on eradicating common security problems? (8:30)
  • Do you think it’s possible to completely eradicate any of these issues? (10:10)
  • How did this more general term of Security Champions originate? (11:45)
  • How do you initiate, hire and train a Security Champion for your company? (13:35)
  • What are the day-to-day operations of a Security Champion? (15:00)
  • How do you carve out time for Security Champions and long-term risk when people are so focused on immediate issues and tasks? (16:25)
  • If you’re interested in becoming a Security Champion, what’s the best way to make that happen? (19:00)
  • Have you heard any interesting case studies of companies that have created a Security Champions program and changed how their company does business? (22:30)
  • What’s in the future for OWASP? (25:55)
  • What’s happening at your current company, Contrast Security? (28:15)

Want to learn more about Security Champions? Download the Gartner Report: Designing a Security Champion Program

About CyberSpeak with InfoSec Institute

Get security awareness and IT training insight direct from the trenches in this weekly podcast hosted by InfoSec Institute’s Chris Sienko. Each week on CyberSpeak with InfoSec Institute, IT and security practitioners share their insights into a new topic, including security awareness, IT and security careers and keeping organizations safe from cybercrime.