Stacy Simpson, SAFECode
At SAFECode, we are always looking for common themes among our members that lead to successful software security outcomes. We’ve consistently found that while there may not be one single recipe for a successful product security program, the most tried and true recipes do share many common ingredients. One of those ingredients is the use of Security Champions (SCs).

All this month, SAFECode members will be sharing information on how to build and sustain a successful SC program — based on their experiences doing just that — through a series of blog posts and podcasts. They will also be available to take questions and discuss new ideas. These insights should be of interest to anyone working to build a more security-supportive culture within their development organizations – whether they already have an established SC program, are considering implementing one, or just hearing the idea for the first time.

Meet our Champion Contributors:

Vishal Asthana, CISSP is on a ‘Work Treadmill Break’ debating between running a marathon, keeping Garfield’s essence going, becoming a stand-up comic, or coming back to senses and taking up the next challenge in the software security space. As a professional, he is a seasoned practitioner with 16 years of combined work experience in various information security domains, the last 10 years being in software security. During this time, he has become skilled and passionate (read: crazy!) about assisting large enterprises with practical methods for addressing the ‘bad cop’ image their security teams often struggle with. Contribution to this blog series is the latest by-product of that effect. Specifics about his professional journey are available for ‘spare time’ reading on LinkedIn here:

Kristian Beckers grew up in Hamburg, Germany and received a PhD in Secure Software Engineering from the University Duisburg-Essen. He currently works as a Security Lifecycle Consultant at SIEMENS and focuses on secure agile and DevSecOps, as well as security training topics. Prior to that he worked for the Technical University Munich, Fraunhofer ISST, and NEC Network Research in Heidelberg. He is passionate about research, social learning and baking. Follow him on LinkedIn:

Manuel Ifland is a Product & Solution Security Manager at Siemens and is a member of the Board of Directors of SAFECode. He is passionate about increasing the security of critical infrastructure and has been conducting many risk analysis workshops, security assessments, and penetration tests in various technological areas. Follow him on Twitter @maifland and on LinkedIn:

John Martin, CISSP, CISM, is Boeing’s Security Program Manager with responsibilities ranging from DevSecOps to Commercial Software Security. His career spans the years between Blue-Box MF generators, through the era of automated hacks, and into our modern age of industrialized paranoia. Leading the SAFECode ‘Buyer’s Guide’ effort, he is a frequent speaker on the topic of commercial software security. John was named by SANS as one of the 10 Difference Makers in Cyber-Security for 2016. Follow him on LinkedIn:

Nick Ozmore, CISSP, has been involved with security related roles for over 20 years, the last six of which have been focused on application security. Currently in Product Security at Veracode, he is responsible for driving SDLC adoption and activities for Veracode’s own products and services. Previously he was in a similar role within EMC’s Product Security Office, working with EMC and RSA products. He believes that Product Security teams should maintain a positive consultative partnership with Development and work to build security into the organization’s culture. At both Veracode and EMC he has partnered closely with Security Champions to increase the security of development deliverables and bring awareness to residual risk to facilitate informed decision making. Follow him on LinkedIn:

Altaz Valani is the Director of Research at Security Compass and manages the overall research vision and team. Prior to joining Security Compass, he was a Senior Research Director and Executive Advisor at Info-Tech Research Group as well as a Senior Manager at KPMG. Altaz sits on the SAFECode Technical Leadership Council and several IEEE Working Groups where DevSecOps, Security, and Privacy challenges are being tackled at the international standards level.

Tania Ward grew up in Portrush, Northern Ireland and graduated from the University of Wales, Aberystwyth. She currently works as a Program Manager driving the security training and champion program across Dell. Previously, she worked in the Dell Product Security Incident Response Team. She is an EMT, ski patroller and believes “there is no wealth like knowledge and no poverty like ignorance.” Follow her on LinkedIn:

Izar Tarandach is a Lead Security Architect with Autodesk Inc., currently located in Eugene, Oregon. Being an astronaut was out of this world and neurosurgery was too messy, so the next logical choice was a career in Information Security. Main interests are threat modeling, improving SDLC processes, security training, automating things and making stuff do things it is not really supposed to. Follow him on Twitter at @izar_t or on LinkedIn.

Be a champion and start 2019 strong – be sure to check in on our blog, follow us on LinkedIn and Twitter, and join the conversation during SAFECode’s Month of Champions all January long. See you in the New Year!