A security champions program is a popular method to scale application security within an organization. However, as security initiatives increase in scope and complexity, it can be challenging to drive results from a central product security team into each group within a large organization – even when each has a security champion. A Product Security Lead program is a great addition to increase the effectiveness of a security champions program.
📚 What will you learn?
✅ A Product Security Lead is an application security leader who leads security within a development division. They organize and mentor security champions within their functional area.
✅ Product Security Leads develop expertise in secure design reviews and threat modeling and in security tooling implementation and usage, and they help monitor metrics and areas for improvement for their divisions.
✅ Product Security Leads develop specialized knowledge within their product area, liaising between engineering, product management, and product security to drive strategic initiatives within their divisions.
✅ The central product security team or Product Security Office (PSO) sets product security strategy for the entire organization, and each Product Security Lead works with their division to translate the initiatives into team execution.