Tanya Janca
Building Security Champions
#1 about 3 minutes
The challenge of scaling application security teams
Security teams are outnumbered by developers, creating a need to scale security efforts beyond just hiring more people.
#2 about 4 minutes
Defining the role of a security champion
A security champion is an enthusiastic team member who acts as a communicator, advocate, and first line of defense for security within their own team.
#3 about 7 minutes
Recruiting champions by attracting volunteers
Instead of forcing participation, attract passionate volunteers by creating opportunities for them to reveal their interest and always get their manager's approval.
#4 about 4 minutes
Engaging champions to build trust and involvement
Build trust and engagement by involving champions in security incidents, sharing appropriate information, and regularly checking in on their work.
#5 about 2 minutes
Teaching champions only what they need to know
Focus training on essential knowledge like secure coding, architecture, and internal policies to respect their time and maximize effectiveness.
#6 about 4 minutes
Recognizing and rewarding champions for their contributions
Acknowledge champions' work through public recognition, notes in performance reviews, and tangible rewards like training or conference access to make them feel valued.
#7 about 7 minutes
Maintaining program momentum through consistency
A security champions program requires consistent practice and communication to build and maintain a positive security culture, so you must not stop.
#8 about 4 minutes
Applying the security champion model in small businesses
In small businesses, integrate brief security and privacy topics into all-staff meetings and publicly praise employees who demonstrate good security practices.
#9 about 6 minutes
How employees can proactively become a champion
Employees interested in security can become champions by proactively reporting issues, offering help on security-related tasks, and consistently showing their interest to the security team.
#10 about 3 minutes
Preventing burnout among security champions
Prevent champion burnout by regularly checking on their workload, securing management buy-in for their time, and demonstrating the real-world impact of their security contributions.