#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices. Big Thanks to our Sponsors: ZeroPath - https://zeropath.com/ CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!   Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH   Learn more about this topic by reading Justin's Website - https://securitychampionsuccessguide.org/ Justin Lehr's Company - https://www.katilyst.com/   Chapters 01:05 Meet Dustin Lair 04:05 Leadership vs. Management 06:17 The Role of Security Champions 17:20 Recruiting Security Champions 24:42 Exploring the Framework: Vision and Goals 26:25 Defining Participants and Their Roles 28:37 Understanding the Current Setting 33:27 Conceptualizing Ideal Actions 35:20 Designing with Gamification in Mind 40:30 Effective Delivery and Continuous Tuning 41:30 Overcoming Challenges and Final Thoughts