
AWS developed the Security Guardians program to distribute security ownership between security teams and product developers, enabling faster product launches while maintaining security standards through trained developer ambassadors who champion security practices within their teams.


<div><p>This article explains how AWS created the Security Guardians program to scale security by distributing ownership between security and development teams.</p><ul><li>Security teams become bottlenecks as product development scales faster than hiring</li><li>AWS requires independent security reviews before all product launches</li><li>Security is a business priority with CISO reporting directly to CEO</li><li>Product teams own security; central teams provide guidance and verification</li><li>Guardians are trained developers who champion security within product teams</li><li>Guardians perform initial security review submissions before AppSec engineers</li><li>Results: 22.5% fewer medium/high severity findings, 26.9% faster reviews</li><li>Program scales security expertise without hiring additional security staff</li></ul><p>The Security Guardians program successfully distributes security ownership, enabling faster product launches while maintaining high security standards through embedded security champions.</p></div>


Related articles