Tanya Janca

Building Security Champions

How do you scale security when you're outnumbered 100 to 1? Learn to build a champions program that turns passionate developers into your strongest security advocates.

#1 about 3 minutes

The challenge of scaling application security teams

Security teams are outnumbered by developers, creating a need to scale security efforts beyond just hiring more people.

#2 about 4 minutes

Defining the role of a security champion

A security champion is an enthusiastic team member who acts as a communicator, advocate, and first line of defense for security within their own team.

#3 about 7 minutes

Recruiting champions by attracting volunteers

Instead of forcing participation, attract passionate volunteers by creating opportunities for them to reveal their interest, and always get their manager's approval.

#4 about 4 minutes

Engaging champions to build trust and involvement

Build trust and engagement by involving champions in security incidents, sharing appropriate information, and regularly checking in on their work.

#5 about 2 minutes

Teaching champions only what they need to know

Focus training on essential knowledge like secure coding, architecture, and internal policies to respect their time and maximize effectiveness.

#6 about 4 minutes

Recognizing and rewarding champions for their contributions

Acknowledge champions' work through public recognition, notes in performance reviews, and tangible rewards like training or conference access to make them feel valued.

#7 about 7 minutes

Maintaining program momentum through consistency

A security champions program requires consistent practice and communication to build and maintain a positive security culture, so you must not stop.

#8 about 4 minutes

Applying the security champion model in small businesses

In small businesses, integrate brief security and privacy topics into all-staff meetings and publicly praise employees who demonstrate good security practices.

#9 about 6 minutes

How employees can proactively become a champion

Employees interested in security can become champions by proactively reporting issues, offering help on security-related tasks, and consistently showing their interest to the security team.

#10 about 3 minutes

Preventing burnout among security champions

Prevent champion burnout by regularly checking on their workload, securing management buy-in for their time, and demonstrating the real-world impact of their security contributions.
