What are security champions and what is their importance to cybersecurity?
Security champions are team members of a group that are assigned to take charge of leading the adoption, integration and practicing of security concepts into the functional activities of the group, business unit or even the entire organization. Moreover, security champions are non-security personnel who take the responsibilities of encouraging others to support and adopt more security initiatives or programs, practices and behaviors in the organization. Because, it is often difficult to introduce security across the organization using the cybersecurity team and security professionals alone. Besides, security champions are tasked with leveraging the relationship between cybersecurity team and the rest of the employees within the organization through security awareness raising programs. Security champions help bridge the gaps of cybersecurity between security team and the rest of the personnel by evangelizing, managing and enforcing security policies and posture in the organization.
Security champions are people who take the lead in a program to enable, create awareness, support, encourage and advocate the adoption of security practices, skill, knowledge and practice in the organization. Furthermore, they accomplish these activities through peer leadership, security awareness and training, and other social encouragement activities. Moreover, security champions can employ security awareness and training to improve the behavior of employees through security gamification programs.
The main steps that organizations may employ security champions include the following:
- Identify team members
- Define the role of the team
- Nominate security champions
- Establish communication channels
- Develop security knowledge management
- Maintain and motive the interest of the team members