
Onboarding for new Security Champions

Welcome young padawan

Now that you've signed up for Equinor's Security Champion environment, I bet you're wondering what you've gotten yourself into. If you haven't had an onboarding meeting since you joined, please request one in the Security Champion Slack channel! We hope to get everyone automagically invited, but mistakes can happen.

Tip

If you haven't had an onboarding meeting since you joined, please request one in the Security Champion Slack channel!

Expectations

Security is everyone's responsibility! You as a Security Champion are a voice for security. Your role is to put security on the agenda within your team and to help foster the "shift left security" mentality.

Important

Security is everyone's responsibility! You as a Security Champion are a voice for security.

The Security Champions environment is a community of people interested in security, with the people at the center. You and your experiences will drive this community, and we will rely on you to participate in discussions and activities and to ask questions. Don't worry, we won't bite!

What you get

  • You get to take part in a community of like-minded people.
  • There will be activities catering exclusively to Security Champions, which you can use to improve your security knowledge. This will hopefully ignite that security spark within you.
  • You will help form this community, as your voice and your experiences matter.
  • You will also get experiences and knowledge that might help advance your career.
  • Last but not least: Awesome merch!

Note

There will be activities catering exclusively to Security Champions, which you can use to improve your security knowledge.

Learning platform

We are testing out a secure coding learning platform. You as a champion are a perfect match, and that is why you get special merch by learning!

What can you expect?

  • Learning about security and secure coding in "hands on" sessions in a sandbox environment
  • View video lessons
  • Gain unique merch based on your belt level!
  • Contribute to the SCN
  • Have fun!
  • Bragging rights
  • Learn things that may help advance your career!

Info

You can gain unique merch based on your belt level!

There is a wide range of subjects, and you can do them all if you wish! There are tracks for:

  • AppSec
  • Docker security
  • DevSecOps
  • Data Scientist
  • OWASP Mobile Top 10 (iOS/Android)
  • OWASP API Top 10
  • Web App Tester
  • Web dev
  • and more

Use this form to sign up for it! Happy learning!

Belt system

We are launching a new belt system with this learning platform. There are 5 belts you can achieve, of which the white, yellow, and green belts are achievable solely by learning through the platform. More on the merch you can get from the different belts here. The brown and black belts are something special. They require you to complete activities normally in the Security Champion network.

The brown and black belts are special and require you to complete activities normally in the Security Champion network.

  • In order to start earning the brown belt, you need to have completed the three belts from the learning platform (white, yellow, and green).
  • In order to gain the brown belt, you need to complete 3 activities from the list below. To achieve the black belt, you need to complete 6 new activities, for a total of 9.

You report this using the "Champion passport": add your activity, select "1" in the hour slot, and comment on what you did and when you did it. We will then go through and double-check the activity, and if everything is A-OK, the activity is successfully registered!

Activities

Please help contribute useful activities that make sense in the Equinor context for Equinor Security Champions. The list below might change based on your feedback.

  • Talk briefly about your project/challenges with regard to security in the coffee or go through a Security Journey task.
  • Facilitate a Threat Modeling session for your team/project.
  • Share a write-up of a security activity you/your team did on Slack.
  • Speak at a seminar/meetup.
  • Set up Secret scanning for your project using our guidelines.
  • Make a pull-request to an Equinor internal repository with a security-enhancing feature.
  • Have a Security Champion from another team join/review your threat model.
  • Join/review another team's threat model.
  • Publish or suggest changes to guidelines on appsec.equinor.com.
  • Attend a Security Journey tournament.
  • Gain three white belts.
  • Gain two yellow belts.
  • Gain two green belts.

Note

The list of activities might change based on your feedback.

Merch

As the SCN ages, different merch will come and go. Below is a record of some of the selections we have given out. Some of them are out of stock, some are in stock, you never know! Should we get someone to do inventory? Probably...

  • Stickers: A large assortment of stickers to help show that you are the voice of security! With the number of stickers we have, you will get a proper workout while carrying your laptop.
  • Hoodie: You act the part? Great! The only thing lacking is dressing for the part!
  • Socks: Socks decorated with The Security Champion shields! Would they have protected Achilles? Maybe not. Will they protect you from cyber criminals? Who knows! But you will certainly look stylish while being hacked!
  • Book (Alice and Bob Learn Application Security): Complete the challenge at this form.
  • AbbSack: You have to see it to believe it! Keep your items secure while traveling.
  • Lanyard: Decorate your neck with shields to ward off evil phishing attacks. It even holds your card!
  • Pins: Decorate your lanyard or clothes with shields to further increase your phishing protection.
  • Christmas ornament: No Christmas is secure without your own Security Champion Christmas tree ornament.
  • S.W.A.T. (Small Work Addictive Thing), the latest and freshest within fidget toys. Meetings will never be the same!

To get these items, you can find out where the AppSec office is, social engineer your way into the building, find our seats, and ask for one or more of the items.

OR

You can get in touch with the team when we do stands and events.

Merch for belts

Since we are launching a new belt system connected to the secure coding platform, we need fresh merch! Below is a list of what you can get at the different belt levels. The items will be shipped via mail unless you can pick them up in the building (Forus Øst). If shipped, it may take some time before you get them! But all things come to those who wait ;)

  • White belt:
    • Your very own lanyard decorated with placeholders for those hard-earned pins.
  • Yellow belt:
    • A yellow pin to hang on your newly acquired lanyard. Be proud!
    • A yellow S.W.A.T. to showcase your advancement within security. It will be your best friend in meetings.
  • Green belt:
    • A green pin to display your advanced knowledge of secure coding.
  • Brown belt:
    • A brown pin to show that you are no rookie in terms of being one of the top-notch champions in our network.
    • A brown S.W.A.T. that will become your best friend when focusing.
  • Black belt:
    • A black pin. Your final step to look like an overly decorated army general. You can retire happy as your life-long goal of contributing to Equinor's Security Champion Network is finally complete for now.
    • Hoodie: Now that you are all medal'ed out, the last thing you need is that sweet warm hacker hoodie to dot the i.

Note

If shipped, it may take some time before you get it! But all things come to those who wait ;)

Relevant web sites

Relevant Slack channels

  • #Security-Champions: Your go-to channel for Security Champion events and information.
  • #AppSec: Information regarding AppSec. Most general information should be posted here so everyone in Equinor has access to it and can participate!

Info

#AppSec is for general information about AppSec, accessible to everyone in Equinor.

Relevant activities

In the Security Champions, YOU are the key ingredient. We hold multiple meetings where everyone who wants to can gather. Join us!

Info

For more information, please check out the Security Champion Sharepoint.

Further activities

Please check out the activities section for more activities for you and your team!