Frequently Asked Questions ❓¶
Do I have to be a security expert to be a Security Champion?¶
Absolutely not! This is a initiative for people to learn more about security and generate a network for people to share experiences and competence.
Who can become a Security Champion?¶
Everyone who considers themselves part of a development team can become a Security Champion. If you are a developer, ux-designer, tester, citizen developer or anything in-between, you are welcome to join. There is no requirement to be an Equinor employee to join, we invite consultants as well!
Does being a Security Champion result in a lot of extra work?¶
It depends on what you want to do. It can be everything from just informing the team about security related issues/questions you hear about in the network, to facilitating regular threat modelling sessions, or implementing Snyk in your pipelines, and a ton of other activites one can do. There are events organized by the network one can attend; e.g. weekly "morning coffee" and monthly semninars (both can be joined digitally).
Am I required to contribute/have talks in the network?¶
No, but we highly recommend everyone on sharing. It might also be that you hear about a problem or solution from a team member or co-worker that can be shared. Asking questions is also contributing!
So I joined, what now?¶
Say hi in to your fellow Security Champions in #security-champion, join the channel #appsec for security related questions and updates. Add the Morning Coffee to your calendar by downloading the calendar invite here.
I want to attend one of the Security Champion events / meetups. Do you provide a WBS for hours and travel expenses?¶
The Security Champion initiative is a network we invite IT professionals to join and share experiences. Members need to ask their project managers or line leaders for approval to travel and spend time on the network.
Can we have more Security Champions in our team?¶
We recommend each team to have 1-2 champions, and share their learnings with the rest of the team. Remember that it is the entire team that is responsible for the security of applications in the team's portfolio. The Security champions will support the team, but not bear any extended responsibility.
How can sign up to become a Security Champion?¶
Use this form to sign up!