updating content
DinisCruz committed Oct 9, 2016
1 parent 3ed70fb commit ed08d10
Showing 8 changed files with 9 additions and 8 deletions.
@@ -1,11 +1,11 @@
### Security Champions Don't Take it Personally

If you are a security champion, don't take it personally if teams aren't listening to you. Don't think that you are the problem, that you aren't good enough or that you are failing to communicate in some way.
If you are a Security Champion, don't take it personally if teams aren't listening to you. Don't think that you are the problem, that you aren't good enough or that you are failing to communicate in some way.

In most cases, the problem isn't you. The problem is actually the system; the company isn't structured in a way that allows the security champion's questions to be prioritised and answered.
In most cases, the problem isn't you. The problem is actually the system; the company isn't structured in a way that allows the security champion's questions to be prioritised and answered. In other cases the Security Champion is not included in security-relevant architectural meetings and decisions.

So, if you find that you are struggling to get traction from a team, the team isn't responding, or it fights you, then drop those requests (as long as the Risk as been accepted). If they treat you as a TAX, as somebody who is giving them work they don't want to do, then also drop it.

In the Risk ticket, explain that you tried to persuade the team to accept the risks of not doing security, and that they are now responsible for their security, because you cannot help them.

In such cases the problem lies not with the security champion, but with the company and the organisation, maybe even sometimes with the team itself. This is why it is important to have success stories you can point to and say, "Hey! It worked with that team, and it worked with that team. If it doesn't work with this team, then I am not the problem".
In such cases, the problem lies not with the Security Champion, but with the company and the organisation, maybe even sometimes with the team itself. This is why it is important to have success stories you can point to and say, _"Hey! It worked with that team, and it worked with that team. If it doesn't work with this team, then I am not the problem"_.
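Review bot: the unchanged line "drop those requests (as long as the Risk as been accepted)" still carries the typo "as been" (should be "has been"); since this commit already touches the surrounding paragraphs for capitalisation, it should fix that as well. In the same block, "explain that you tried to persuade the team to accept the risks of not doing security" reads as if the champion argued for the risk to be accepted, whereas the paragraph around it says the team was asked to address the risk and chose to accept it instead; something like "explain that you tried to persuade the team to address the risk, that they have accepted it, and that they are now responsible for their security" would match the intended meaning. Also "TAX" in capitals is inconsistent with the rest of the text; "tax" would do.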
@@ -1,6 +1,6 @@
### The Security Champions Concept

> _"If everyone is responsible for security, then nobody is"_ [Patrick-Lencioni^]
> _"If everyone is responsible for security, then nobody is"_ [^Patrick_Lencioni]
* What are Security Champions?
* Why Security Champions
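Review bot: the renamed reference `[^Patrick_Lencioni]` is the correct Markdown footnote form (caret inside the bracket, matching the definition below), but the bullet list on the next line follows the `>` blockquote with no blank line in between, so renderers that support lazy continuation will fold "* What are Security Champions?" into the quote. Add an empty line after the quote.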
@@ -14,5 +14,5 @@
* explain how JIRA Risk Workflow is connected to the Security champions


[Patrick-Lencioni^]: a variation of the quote:
[^Patrick_Lencioni]: a variation of the quote:
“If everything is important, then nothing is.” from Patrick Lencioni
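Review bot: the footnote definition `[^Patrick_Lencioni]: a variation of the quote:` continues on the following line ("“If everything is important, then nothing is.” from Patrick Lencioni") with no indentation; in the common footnote extensions (PHP Markdown Extra, MultiMarkdown, Pandoc) a continuation line must be indented by four spaces or it is rendered as a separate paragraph outside the footnote. Either indent that line or put the whole definition on one line.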
@@ -4,11 +4,12 @@ Security Champions are a key element of an AppSec team, since they create an cro

**What is an Security Champion?**

* Security Champions are active members of a team that may help to make decisions about when to engage the Security Team
* Act as the "voice" of security for the given product or team
* Assist in the triage of security bugs for their team or area
* Security Champions are active members of a team that may help to make decisions about when to engage the Security Team
* Act as the "voice" of security for the given product or team
* Assist in the triage of security bugs for their team or area

**What do they do?**

* Actively participate in the AppSec JIRA and WIKI
* Collaborate with other security champions
* Review impact of 'breaking changes' made in other projects
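Review bot: this hunk only re-indents the three bullets under "**What is an Security Champion?**" while the heading right above them keeps the typo "an Security Champion" (should be "a Security Champion"), and the hunk header context shows "they create an cro..." with the same "an" before a consonant; both are worth fixing in the same pass. The re-indented bullets (leading space) also now differ from the bullets under "**What do they do?**", which have none; pick one indentation for both lists so they render the same way.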
