Today, I’m joined by Enrique Larios Vargas, a Security and Learning Specialist at Adyen.

Enrique has over eight years of experience designing impactful learning and enablement programs across fintech, engineering, and security. He’s also been a university lecturer in software engineering in Peru, the Netherlands, and Canada.

Bringing together technical expertise and behavioral science, Enrique is passionate about helping developers move beyond compliance and build a meaningful, human-centered security culture.

In this episode, we dive into his research paper, “DASP: A Framework for Driving the Adoption of Software Security Practices,” co-authored with five others (all listed in the description). The paper explores how behavioral models like COM-B can drive secure development practices.

We also get into incentives and Enrique’s controversial take on why we shouldn’t call security champions “champions” anymore. He’ll even be put to the test on this topic at the upcoming Elephant in AppSec conference, where he’ll debate it with other panelists.

Dive right in!