This post explains how to build a Security Guardians program similar to AWS Security Guardians that trains, develops, and empowers builder teams to make security decisions about the software that they create.
The first step to building a successful Security Guardians program is to set the vision, mission, and goals of the program and align them with executive support.
The next step is to identify developer teams that can pilot the new program and to choose Security Guardians who exhibit well-informed, decisive judgement, advocate for security needs, and hold a high security bar.
Defining the expected behaviors of the Security Guardians, developer, and security teams is important for articulating the measurable behaviors and responsibilities of Security Guardians and how these groups interact to ensure the successful launch of a secure product.
Maintaining interest is an important aspect of keeping the Security Guardians engaged along with providing clear training and learning paths and opportunities for career advancement.
Measuring the success of the program is an important step to verify if the desired outcomes are being achieved and to provide feedback to Security Guardians.
The best ways to maintain interest and measure success depend on the culture of the organization.
To develop your own Security Guardians program, contact your AWS account representative to connect with a specialist who can help you develop your program.
Regularly inspecting the outcomes delivered by the Security Guardians program and making incremental improvements as the program matures is crucial.
Training individuals to become Security Guardians is one way to distribute security ownership, while another approach is to embed security engineers directly with product development teams.