Wednesday 

Room 2 

10:20 - 11:20 

(UTC+01

Talk (60 min)

Security Champion Worst Practices

Security champion programs are all the rage right now, but they aren’t a magic bullet; they are a lot of work and more than half of them fail.

Application Security

We want to scale our security programs and improve security culture and communication, but what happens when are champions are less-than-enthused? There’s no support from management? We can’t get enough buy in? Let’s look at when things go WRONG with security champions programs, with this list of WORST practices, and how to avoid each one.

Tanya Janca

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She also is the head of education and community at Semgrep, running their online community and academy which both revolve around teaching everyone to create secure software.

Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.


Advisor: Nord VPN, Cloud Defense, Aiya Corp, ICTC PAC
Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
Faculty: IANS Research