OWASP Developer Guide

8.2.3 Security Champions Playbook

The Security Champions Playbook is a project that describes the process of establishing a Security Champions program within an organization.

What are Security Champions?

Security Champions are active members of a team who act as a core element of the security assurance process within a product or service. They are often the initial point of contact within the team when it comes to security concerns and incidents.

Some advantages of encouraging Security Champions within a team are:

  • Scaling security through multiple teams
  • Engaging non-security engineers in security
  • Establishing the security culture throughout an organization

The Security Champion should be given extra training to carry out this role, which is often in addition to their existing responsibilities.

How to use the playbook

The Security Champions Playbook lists six steps, each with general recommendations:

  1. Identify teams
  2. Define the role
  3. Nominate Champions
  4. Set up communication channels
  5. Build solid knowledge base
  6. Maintain interest

Use these recommendations to build up a Security Champions program that is tailored to the needs of the organization.

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.