Tanya on stage

Security Champion Worst Practices – My Slides from Barcelona

Written by

Posted on 2 Comments

Thank you very much to everyone who came to my talk at OWASP Global AppSec in Barcelona! It was so lovely to have the chance to speak to so many of you, and to share our experiences around security champion programs — especially the ways they can go wrong, and how to avoid those situations. Below are my slides, in PDF. You can also see a recording of me giving the same talk at NDC Security, in Oslo, Norway, at the end of this post. I plan to be at the next edition of OWASP Global AppSec in Washington, DC, USA in November 2025, and the next edition of NDC Security conference in Manchester, UK in December 2025. Will I see you at one of these events? If so, please say hello!

Title: Security Champion Worst Practices

Abstract:
Security champion programs are all the rage right now, but they aren’t a magic bullet; they are a lot of work and more than half of them fail. We want to scale our security programs and improve security culture and communication, but what happens when our champions are less-than-enthused? There’s no support from management? We can’t get enough buy-in? Let’s look at when things go wrong with security champion programs, with this list of worst practices — and how to avoid each one.

Download the slides here.

Security Champions Worst Practices Tanya JancaDownload

Photos!

Speaker at the Global AppSec conference in Barcelona, standing confidently on stage beside a presentation display featuring conference details.
Security Champion Worst Practices
Four women stand together smiling at a conference, wearing name badges and casual attire. The background features a presentation screen related to the event.
The keynote speakers, Kim and I
A speaker presenting at a conference on security champion programs, with a slide displaying the statement about the challenges faced by security teams in maintaining program sustainability. The audience is seen in the foreground.
Tanya Talking, what she does best
Selfie of two individuals smiling in front of a colorful event backdrop featuring text about a conference in Barcelona.
Izar and I at Meet the Mentor
Group of people posing together and smiling in front of a booth with 'Semgrep' branding at a conference.
The Semgrep team
Two women smiling together outdoors, one wearing sunglasses and a purple dress, the other in a green top, with a cafe and flowers in the background.
Kim Wuyts and I
Group of people participating in a hands-on activity, wearing blindfolds and black aprons, engaged in a learning experience; a facilitator is guiding them.
Can you guess the spice?
A speaker presenting at a conference, wearing a purple dress and holding a remote, with a large screen displaying a presentation in the background.
Like my new glasses? Finally I could see my slides!
A person smiling and cooking in a busy kitchen, with various people and cooking equipment in the background.
Paella Cooking Class

2 comments

  1. Thank you for sharing the slides! On slide 59 you share some new problems/opportunities you discovered more recently. I encountered some of them as well, but what do you mean with “Inceptives aren’t tangible”?

    Reply

Leave a Reply

Discover more from SheHacksPurple

Subscribe now to keep reading and get access to the full archive.

Continue reading