Cybersecurity Awareness Month: Understanding the Importance of a Strong Security Culture

October 3, 2017


October is National Cybersecurity Awareness Month. As demonstrated by the recent Equifax breach, in which attackers obtained the personally identifiable information of an estimated 143 million American consumers, including Social Security numbers and driver's license numbers, individuals and companies alike need to be more security conscious and better prepared to reduce cybersecurity risk.

Equifax and the Importance of Security Culture

The root cause of the Equifax breach was an unpatched Apache Struts vulnerability, CVE-2017-5638: an OGNL expression injection reachable through a crafted Content-Type header on a multipart request, which is described in a detailed technical analysis by Eric Rafaloff of Gotham Digital Science. The vulnerability was rated "critical" with the maximum CVSS score of 10.0, and was disclosed and fixed by Apache on March 6, 2017 with the release of Apache Struts version 2.3.32 or
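Because the injected OGNL expression arrives in a header that should only ever carry a media type, exploitation attempts are easy to spot in web server logs. The following is an added example (not code from the original post, from Equifax, or from the GDS analysis) that runs a simple detection over constructed request log lines; the log format, with the Content-Type value quoted after `ct=`, is an assumption for this example, as is the sample traffic.

```python
import re
from urllib.parse import unquote

# CVE-2017-5638 payloads open an OGNL expression inside the Content-Type
# header, e.g. "%{(#_='multipart/form-data')...}" or "${...}". A legitimate
# media type ("multipart/form-data; boundary=...") never contains "%{" or
# "${": RFC 2046 does not allow "{" in a boundary, so this marker is a
# low-false-positive indicator rather than a full OGNL parser.
OGNL_MARKER = re.compile(r"[%$]\{")

# Hypothetical log format assumed for this example (one request per line):
#   <client-ip> "<METHOD> <path>" ct="<Content-Type header value>"
LOG_LINE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" ct="(?P<ct>[^"]*)"'
)


def is_ognl_injection(content_type: str) -> bool:
    """True if the header value contains an OGNL expression opener.

    The value is percent-decoded twice so that a double-encoded payload
    such as %25%7B (-> %7B -> {) is still caught; a literal "%{" survives
    unquote() unchanged because "%{" is not a valid percent escape.
    """
    decoded = unquote(unquote(content_type))
    return OGNL_MARKER.search(decoded) is not None


def find_struts_attacks(lines):
    """Return (source_ip, path) for every request whose Content-Type
    carries an OGNL expression; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match is None:
            continue
        if is_ognl_injection(match.group("ct")):
            hits.append((match.group("src"), match.group("path")))
    return hits


# Constructed sample log lines (not real traffic); addresses are from the
# RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 "POST /upload.action" ct="multipart/form-data; boundary=----WebKitFormBoundaryA1B2"',
    '198.51.100.7 "GET /index.action" ct="%{(#_=\'multipart/form-data\').(#x=1)}"',
    '198.51.100.9 "POST /upload.action" ct="%25%7B(%23_%3D%27multipart%2Fform-data%27)%7D"',
    '192.0.2.44 "GET /api/items" ct="application/json"',
    'garbage line that does not match the log format',
]


if __name__ == "__main__":
    for src, path in find_struts_attacks(SAMPLE_LOG):
        print(f"possible CVE-2017-5638 attempt from {src} against {path}")
```

Run against the sample, the plain and the double-encoded payloads are flagged while the two ordinary requests are not. On a real deployment the same check belongs at the reverse proxy or WAF, and a hit against a host still running a pre-2.3.32 Struts is a reason to look for follow-on activity, not just to block the source.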

Organizations can greatly reduce the risk of data breaches by applying software patches promptly and by coding applications securely from the start. A strong security culture helps ensure that developers embrace secure practices at the grassroots level, rather than simply complying with internal policies enforced by risk management and internal audit after the fact.

Secure DevOps through Security Champions Programs

One successful model for spreading secure practices and developing a strong security culture across an organization is a Security Champions Program. Gartner offers recommendations on how to design such a program and on how DevOps security champions let an organization gain leverage without having to invest in security training for everyone. Gartner recommends that security and risk management leaders position an individual within each development team as its security expert; there they act as a champion who conveys security priorities to colleagues.

No matter whether you are a small or large firm, Security Compass can help kickstart and develop your Security Champions program. We offer training for your champions, speaker forums from industry experts, program management, and help you demonstrate program success to support your business case.

OWASP Top 10 Vulnerabilities Training

We blend Instructor-Led Training on the OWASP Top 10 vulnerabilities with role-based training in the form of Software Security Practitioner (SSP) Suites to help organizations spread secure practices at the grassroots level. Role-based learning allows developers to learn only what is relevant to their day-to-day job, quickly and effectively. Security Compass is the sole provider of SSP Suites, which were developed in partnership with (ISC)², a global leader in information security education and certification.

Protect your business’s health and reputation by implementing a Security Champions Program. Go here to obtain a brochure, or contact us to find out how Security Compass can help you.
