LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,100 courses taught by industry experts.

Promote security culture

Promote security culture

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Promote security culture

“

- [Instructor] Ultimately, you'll want secure software lifecycle management to be inherent in your organization and not something imposed externally. You can accomplish this by developing security champions as well as by providing security education and guidance. As the CSSLP in the room, your job is not to do all of this work by yourself. Your job is to get things started and to build momentum. You'll do your fair share of work, but the end goal is to get others within your organization to take that same sense of ownership that you do of your application security posture. The people you'll engage first are going to be your security champions. Think of them as members of your extended security team. They don't officially report to you or your manager, but they're your primary context throughout the organization who understand both what you do from a security standpoint and what their teammates do from a day-to-day business standpoint. When I was building my first enterprise security…

Contents