You have heard of this term - Security Champions or was it Satellites (that sounds weird..)?

But what are they really? Is it a good idea?

How many companies are doing this?

If you're convinced it needs to be done, how do you manage a Security Champions programme (at scale)? What methods and tools exist?

OWASP needs to support the Community much more on the topic of security champions. We have a project proposing a playbook - that is a good start and there are a great number of details requiring attention for a successful programme. The intention of this project is to provide the necessary guidelines on how to manage security champions and their progress in supporting security. Intentionally the talk is called OWASP Top 10 Maturity Categories for Security Champions - as it relates to the well known Top 10 by suggesting 10 main maturity categories of interest. Because all good ideas need software to materialise, we will be open-sourcing as part of OWASP an application to manage security champions - application that will hopefully evolve as this project with receive more attention.

Security Champions have 10 areas for security related contribution available. Check the contribution sheet below for the detail.

1. Use of tools (Maturitylevels:1,2,3)
2. Bounty (M123)
3. Training (M123)
4. Events (M123)
5. Securityops (M123)
6. SecReviews/Assessments (M123)
7. Research (M123)
8. Development for security (M123)
9. Reporting (M123) 10.Threat Modelling (M123)

Maturityone – 1 point M two – 2 points M three – 3 points

– 15 points with 3 Maturity 3s mandatory – 10 points with 2 M2s and 1 M3 – 5 points

Developed by Graduate Devs in Sage. In the meantime, please use the Calculator in Sheet 2 here: https://docs.google.com/spreadsheets/d/1Dfb-wDPqqpTDejEnIxmv9MWyFDD0gUsJf-45zrJ-GKs/edit?usp=sharing

Contribute here: https://docs.google.com/spreadsheets/d/1Dfb-wDPqqpTDejEnIxmv9MWyFDD0gUsJf-45zrJ-GKs/edit?usp=sharing

Presentation here: https://drive.google.com/file/d/1UQqgqPxk-W50fOS1wKgpWiBfWQYZYMHR/view?usp=sharing Newer presentation here: https://docs.google.com/presentation/d/19k9NafiDJjl81sN9Ufp8NENS1-TttPyVIgilavgbzFg/edit?usp=sharing