OWASP Building Security In Maturity Model

[T2.5: 41] ENHANCE SECURITY CHAMPIONS THROUGH TRAINING AND EVENTS.
Strengthen the security champions network (see [SM2.3]) by inviting guest speakers or holding special events about advanced software security topics. This effort is about providing to the champions customized training (e.g., the latest software security techniques for DevOps or serverless technologies or on the implications of new policies and standards) so that it can fulfill its assigned responsibilities—it’s not about inviting champions members to routine brown bags or signing them up for standard computer-based training. Similarly, a standing conference call with voluntary attendance won’t get the desired results, which are as much about building camaraderie as they are about sharing knowledge and organizational efficiency. Regular events build community and facilitate collaboration and collective problem-solving. Face-to-face meetings are by far the most effective, even if they happen only once or twice a year and even if some participants must attend by videoconferencing. In teams with many geographically dispersed and work-fromhome members, simply turning on cameras and ensuring that everyone gets a chance to speak makes a substantial difference.