Info about Security Champion
Ideally, each development team should have one or more team members who take on the role of Security Champion. When an area is supported by many small teams (1-2 persons), this area should be represented by one or more Security Champions.
A Security Champion is a team member who amplifies the security message at the team level.
In practice, this means acting as the "security conscience" of the team. You do not need to be a security expert to become a Security Champion; an interest in security is more than enough.
Please note that security is a team responsibility, and the Security Champion is not more accountable for security than any other team member.
Tasks could involve:
- Staying up to date with best practices and security-related news
- Attending security-related conferences/training/workshops
- Raising awareness of security issues within the development team
- Being part of the Security Champion community
- Facilitating threat modelling
- Conducting and/or verifying automated scans
- Being the point of contact for security-related stuff
- Driving internal bug-bounty
As a Security Champion you would be a target audience for a lot of the work done by the Equinor AppSec team. The AppSec team will be providing workshops, training, resources and support where needed.
Use this form to sign up for the Security Champion network.