Security Champ Chatter: Tips For Working on a Project Team

Ever wonder what it is like to work on a SAFECode project team? Two of our Champions – Vishal Asthana and Altaz Valani were kind enough to participate in a short Q&A; about their experience working on the Security Champions and other SAFECode projects.

Q: We all have busy day jobs and volunteering to author an article or blog post can be a lot of work. What benefit did you get out of the time spent on this project?

Altaz: “The benefits are numerous. I think that opportunities to connect with other like- minded individuals, share common practices, hear new perspectives, and influence the industry are among the top benefits.”

Vishal: “For me, I appreciated the opportunity to a part of an industry thought leadership initiative on a topic that’s emerged as a vital element for scaling SDL programs scale and making them ‘stick’. It was also helpful to hear diverse opinions from SDL practitioners from other organizations, participate and witness candid discussions throughout the project, and then see the eventual convergence to a common ground/offering. In terms of building professional soft skills, this was a good way to see how projects with multiple distributed stakeholders are best handled.

Q: What advice would you offer to someone who is interested in volunteering with SAFECode, but worried about the time commitment. Can SAFECode support interested members who may not have a lot of time to give, but would still like to help when they can?

Altaz: “Some projects require more commitment than others. Get involved with a project that meets your availability. Even within projects, there are opportunities to scope your involvement – perhaps, just writing or reviewing a blog post, for example.”

Vishal: “Flexibility in time commitment is a given in such volunteer-driven efforts and other volunteers fully understand that. For example, the way we handled it in this series was by us setting up recurring weekly touch point calls (with no end date) early on. Then, every week, whoever joined helped move the ball forward in terms of potential tasks (and assignees) before the next call. There were occasions where none of us had time during a given week or a working group member had an emergency that took them away from the group for a few weeks. All of this was okay. Such instances were simply used to re-assign tasks and revise timelines, if necessary.”

Altaz: “Yes, I agree with Vishal. Everyone is a volunteer and we are here to help each other. Take the first step and get involved. You’ll be surprised how supportive the other volunteers are.”

Q: Any advice for those interested in learning more about Security Champions programs?

Vishal: “In the series, we have attempted end-to-end coverage of all major aspects of a Security Champions Program – underlying need, personas, R&Rs;, strategy, rollout considerations, metrics, and long-term sustainability. Content is based on collective ‘battle-tested’ experiences and understanding of authors and presented as digestible capsules to ease ready consumption. If you are thinking of building, strengthening, or validating a Security Champions program, we recommend using this series as a practical cheat sheet/guide to simply get started.”

Altaz: “Also, if you have an idea or question, let SAFECode know. In addition, you can get plugged into your local user groups and communities, like OWASP, and see if they’d be interested in sharing more ideas about Security Champions programs.”