
How Security Teams Can Better Engage Developers in the AppSec Process

By Robert Wood | November 7, 2022 | Updated: December 1, 2022 | 4 Mins Read

In the application security space, security cannot succeed unless it works with development teams. It needs developers to do things like patch servers, fix pen test findings, and update libraries, among other maintenance activities, each of which bears directly on managing risk in a piece of software. At times, security must also convince development teams that fixing a security issue should take priority over building another feature. Given their interdependence, security teams must find creative ways of engaging development teams in conversation and partnership.

This article will touch on several ways that security teams can engage in developer outreach. As the active engagement and partnership between the teams increases, security outcomes will improve.

Friendly Competition

People love games. There are many fun ways to create friendly competition among teams while simultaneously fostering security awareness and building relationships. One possibility is hosting a security-themed hackathon. Putting on a hackathon is a lot of work but can be very appealing to the developer community.

Another option for a competitive form of development outreach is gamified challenges related to secure coding or related topics. Sometimes these are a hit, sometimes they’re a total flop. In my experience, their success depends on how stretched development teams are (do they have time to spend playing games?); how invested they are in self-development; and the overall team culture.

The incentives tied to gamification can reinforce certain kinds of behavior and outcomes. For example, a monetary reward or recognition for teams or individuals that perform well may create more engagement and interest. It’s good to experiment and take a human-centered design approach: look at what’s important and relevant to the people on the other side of this and engage them in the process. For some relevant ideas, check out Trailhead, the gamification training program rolled out at Salesforce several years ago.

The big thing is to try to make the competition fun. If people are having fun, they will come back for more. The more engagement that can be facilitated, the more positive outcomes will be shared across the teams.

Champions

Security champion programs have been around for several years now. In a typical program, a development team member becomes a focused security advocate and takes on more coordination and security responsibilities within that development team. Because these programs are well established, there is a good body of work on how to begin one and, more importantly, how to sustain and grow it.

One of the most important security champion program elements is ongoing volunteer engagement and growth paths. If people don’t have time properly carved out, incentives properly aligned, or engagement with the security team, then the program will almost certainly die out and will likely be counterproductive. There must be clearly defined roles and agreement within leadership on this, and time has to come from somewhere.

Run well, though, a champions program can be a powerful means of scaling developer engagement across an organization.

Callouts

Most people appreciate being recognized for good work. If you’re on the security team, and you recognize a particular developer or a team undertaking tasks that you would be thrilled to see everyone doing, then make sure you recognize them. These tasks could be proactively seeking out bugs and fixing them, setting up more security tools and actively using them, or engaging with the team to do threat models, to name just a few activities. There are a lot of options for recognition at the security team’s disposal. Below are a few that I’ve personally used to great effect:

  • Notable mentions at large meetings such as all-hands or in newsletters
  • Passing around a physical trophy to create a fun kind of competition (a shield, engraved trophy, big hat, etc.). This one worked better pre-Covid when there was more of an emphasis on in-office culture, but there are plenty of virtual ways to recognize people.
  • Handing out challenge coins or gift cards
  • T-shirts or other kinds of swag that can be displayed by the recipient

Concluding Thoughts

Security teams need development teams. We can’t function solely through policy and mandates, not well anyway. To operate effectively, security teams must engage with and build relationships with other teams and leaders. The three areas above are a starting point to get ideas going on implementing this outreach. You don’t need to jump in right away: Begin small, experiment, adapt, and grow. The most important thing in my experience is to be intentional and consistent with your efforts.


Robert Wood

Robert Wood is an Acceleration Economy Analyst focusing on Cybersecurity. He has led the development of multiple cybersecurity programs from the ground up at startups across the healthcare, cyber security, and digital marketing industries. Between experience with startups and application security consulting, he has both leadership and hands-on experience across technical domains such as the cloud, containers, DevSecOps, quantitative risk assessments, and more. Robert has a deep interest in the soft skills side of cybersecurity leadership, workforce development, communication, and budget and strategy alignment. He is currently a Federal Civilian for an Executive Branch Agency and his views are his own, not representing those of the U.S. Government or any agency.
