At most places, security teams are quite lean on people in a company, where we could easily have a dev:security engineer ratio anywhere between 1:30 to 1:50. So having a larger set of people looking out for the security of the organisation would definitely help.

The idea was to make people proactively get involved in security and be more ‘security-savvy’. A lot of people love and play games in some form or the other, especially multiplayer games. We tried to gamify the 'security experience' to improve the security-savviness at our organisation. This would help us to recognise more 'security champions' from different teams and help to find early adopters for our security initiatives.

In this talk I go through the process of ideation to creation of the security champions leaderboard and how it’s improved the overall developer and security culture at the organisation. Easing out the security team’s work in the organisation.