diff --git a/content/sessions/2024/mini-summits/Jan/Governance/Championing-Security-Scaling Security-At-Every-Level.md b/content/sessions/2024/mini-summits/Jan/Governance/Championing-Security-Scaling Security-At-Every-Level.md index a5ff9600ced..33edaa2ca22 100644 --- a/content/sessions/2024/mini-summits/Jan/Governance/Championing-Security-Scaling Security-At-Every-Level.md +++ b/content/sessions/2024/mini-summits/Jan/Governance/Championing-Security-Scaling Security-At-Every-Level.md 
@@ -23,14 +23,12 @@ zoom_link : --- ## About this session -"No one wants their keys, passwords, and other secrets exposed. Ideally, no developer would ever hardcode anything like that into their work, but unfortunately, a lot of repos are just one bad push from the world gaining access to sensitive data and mission-critical systems. In the best-case scenario, you discover the issue and fix it before something terrible happens, but in the worse cases, you don’t find out until it is far too late. Just ask folks like Uber or Twitch. +Security teams, at best, are outnumbered 100 to 1 in their organizations. Securing every door, window, network, endpoint, device, API, and system is an overwhelmingly endless task. How can we hope to keep the enterprise secure while the threat landscape keeps evolving ever faster? -Most devs are familiar with using .env and .gitignore files to help prevent Git from tracking specific files and folders. But did you know that you can leverage git hooks, and some open source awesomeness, to keep from accidentally committing your secrets in the first place? +It is time for an age of champions. Security Champions. -Walk away from this session with some concrete actions you and your devs can take to make sure no secrets make it into your shared hosted repos ever again! -But that is just the start. If you are not actively using Git hooks in your workflows, then this talk is for you. Let's look into the .git folder and unlock a whole world of automation possibilities! +Security champions are individual team members on teams outside of security who volunteer to stay up to date with security updates and help spread the word. They look for places where security best practices can be applied and help the security team know where people are struggling and have questions. 
+ +This session will explore the guidelines put forth by some open-source communities, such as OWASPs Security Champions Guide, and learn some best practices for starting a program and getting your teams on board. -My hope with this session is to help everyone add some easy-to-implement automation to their workflows to prevent making more extreme, and costly, kind of mistakes." -### Publications: -https://blog.gitguardian.com/how-to-use-ggshield-to-avoid-hardcoded-secrets-cheat-sheet-included/
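Review bot: the new abstract line "+This session will explore the guidelines put forth by some open-source communities, such as OWASPs Security Champions Guide, ..." is missing a possessive apostrophe and should read "OWASP's Security Champions Guide" (the same line's "explore ... and learn" also reads awkwardly; "explore the guidelines ... and cover some best practices" would be cleaner). Separately, this hunk deletes the "-### Publications:" heading and its GitGuardian link, which belonged to the replaced secrets-in-git talk, without adding a replacement for the new session; since the new text points readers at the OWASP Security Champions Guide, consider keeping a Publications section with a link to that guide (the URL is not in this diff and would need to be supplied), so the session page does not lose its only reference.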