Application Security people can’t be everywhere at once. With larger developer teams and organizations, the best way to scale the software security function is through a security champions programme. But where are you going to find time to develop a high value and high impact programme for this, alongside your already full schedule?
That’s where Bounce Security comes in.
We have significant experience in application security as well as long experience of working directly with developers and within development organizations. We can use this to help you build and operate a security champions programme that works for your organization.
We have seen enough Security Champion Programmes in the past to have a good understanding of the practices that make a programme successful. At the same time, we are familiar with the anti-patterns that may reduce the programme’s efficiency or even cause it to fail.
With our focus on activities that bring value and impact, the outcome will be interested and engaged developers who are incentivised to excel and provided with the resources and support to do so. In turn, this will lead to an improved application security culture within the organization and less security effort required later on in the process.
Our “Managed Security Champions Programme” is based on a flexible package that is customized to your particular needs, based on what will bring you the highest value right now.
- You want a programme but you need internal buy-in? We can help you identify the relevant stakeholders, prepare advantages specific to your organization and get everyone on board.
- You don’t yet have a champions programme? We will review your organization’s structure and provide a suggested template for starting up the programme and expected roles for champions.
- You already have a template or you know what is needed? At your direction, we will help you set up the programme including initial communications, internal marketing and activity structure.
- You have a programme but you want to know how it’s going? We will compare your current programme to leading practices in the industry and identify where you are doing well and where you might have gaps.
- You want to take your Security Champions Programme to the next level? We will prepare a phased plan to enhance and improve your existing programme, with a focus on getting better value.
- Your programme is working well and your champions are hungry for more? We can help you build a staged development programme for them to take them through various levels of expertise so that they always have something to strive for and something new to learn.
- How do you keep your champions informed? Your champions need ongoing updates and information about what is going on in the industry, but preparing that is time-consuming and needs constant work. We will prepare a monthly session for your champions including industry news, a more in-depth topic and your internal updates. We will also encourage your champions to be involved and deliver their own topics to improve their engagement and buy-in.
- Do you want your champions (and developers) to have more in-depth and hands-on security training? We can work with your teams to select or leverage an interactive training platform, and set them learning tasks and exercises including realistic scenarios in a familiar language. We can also help run tournaments and use progress to identify the developers who are most engaged with security.
- Do you have lots of champions with application security questions and only one of you? Are you spread too thin? We can act as the first point of contact for your champions, to help provide standard solutions and answers to general application security questions, referring on to you only if necessary.