Co-authors: Pavi Ramamurthy and Angel Liu

Three years ago, LinkedIn was looking to boost its internal security initiatives and encourage engineers to develop expertise in this crucial area. While there were many off-the-shelf certification programs available, we found that the best way to achieve these goals was to create an in-house Security Champions Program. As part of the program, members of the LinkedIn Information Security Group engage, mentor, and train selected engineers, or “Champions,” to become more security-aware, providing high-impact training and eventually guiding them to be the “voice,” or first point of contact, for security for their own teams. Through participation in the program, Champions can take advantage of a valuable career advancement opportunity by gaining new skills and becoming knowledgeable resources for their teams.

Since its creation, the Security Champions Program has successfully graduated more than 50 Champions. We’ve found immense value in our Security Champions Program and think that other organizations might benefit from adapting the program to address their own needs as well. That’s why we’ve decided to “open source” the program by sharing our playbook, a guide to how we run our Security Champions program. It is our hope that the ideas and tactics outlined below can assist other interested groups in creating their own versions of the program. After all, better security benefits all of us!

Who is a Security Champion?

A LinkedIn Security Champion is passionate about information security, dedicated to protecting LinkedIn against security threats, and committed to increasing security awareness for his or her team. Champions spend 25% of their working time during the program on these issues.

What do Security Champions do?

Upon successful completion of the program, Security Champions become security resources for their teams, often driving security improvements within their teams and products. While the Information Security Group maintains ultimate responsibility and oversight for security, Champions can assist with design reviews and also serve as the first point of contact for security incident response for their teams.

Who can become a Security Champion?

No prior infosec knowledge or training is required to become a Security Champion. Any engineer who has good situational awareness for his or her team, is interested in learning about information security, and is passionate about protecting LinkedIn while strengthening its security posture is an ideal candidate for the program.

How does the Security Champions Program work?

Managed by the LinkedIn Information Security Group, each round of the Champions program runs for a period of six months. The first quarter is dedicated to security training, and the second quarter to achieving milestones, such as completing security-oriented projects.

The program begins with a call for nominations. Anyone who works in engineering can nominate someone, including themselves. The easy nomination form requests basic information and responses about why the candidate would be a good choice for the program. Once the nominations are received, the security team selects a pool of participants, ensuring representation across teams and skill sets.

The selected Champions are then paired with “buddies” on the security team who work with them for the entirety of the program. Security buddies have frequent meetups with the Champions, working off of a customized “tour of duty,” a set of actionable security milestones or projects. Since each Champion is unique, so too is their tour of duty. The buddies make sure that training stays on track to be completed in the first quarter and that the champions are fully engaged and motivated. This one-to-one pairing works well because it is exclusive and personal, and both parties can learn from each other.

Security training materials are developed in-house at LinkedIn and are supplemented by the Stanford Advanced Computer Security Certificate Program. After investigating various outside training options for our champions, we decided on the Stanford program because it offered a well-rounded curriculum on overall security design principles, including concrete programming techniques, network security, cryptography, and mobile security, to name a few. The program also enabled Champions to complete the online courses at their own pace. All training is completed by the first quarter and also includes ad-hoc presentations from members of the security team on technologies, best practices, and processes.