4. Nominate a dedicated captain
What
Ensure you have a dedicated Captain to lead the development, implementation and continuous success of a Security Champions Program.
Why
Having a dedicated Captain for a Security Champions Program is important to ensure that the program has a clear strategy and roadmap and is well-organized on a continuous basis. Lack of a dedicated role for this task may lead to people doing it “on the side”, while our experience and research show that building and maintaining a Security Champions Program requires continuous attention.
Focus points for the dedicated Captain are:
- Setting a clear strategy and roadmap for the Security Champions Program:
  A dedicated Captain will create the strategy for the program and ensure this aligns with organizational goals and objectives. The dedicated Captain can furthermore foster collaboration between security champions, other departments, and management to build a roadmap that is realistic and achievable.
- Obtaining management support:
  A dedicated Captain will work with management to obtain support and resources (e.g. financial resources, time of security champions) for the program, which is essential for its success. The Captain will serve as the face of the program towards (senior) management and report to management on its success.
- Building and maintaining a community:
  A dedicated Captain will build and maintain a community of security champions within the organization. This community can help promote a culture of security awareness and best practices, and provide a valuable resource for sharing knowledge and experiences. Furthermore, once the community has reached a level of maturity, it can take on independent security tasks, relieving some of the burden placed on dedicated security staff.
- Driving success:
  A dedicated Captain can drive the overall success of the program by organizing events, providing guidance and support to security champions, and ensuring that the program is effectively promoted throughout the organization.
- Staying up-to-date on security practices:
  A dedicated Captain can stay up-to-date on the latest information security practices and trends, and ensure that the Security Champions Program is aligned with industry best practices and that these are incorporated in the program roadmap. This ensures that the organization is well-prepared to handle any security threats that may arise.
How
The project team’s personal experience and the interviews we have conducted with organizations that have Security Champions Programs have shown that leading a Security Champions Program is a full-time job. In bigger organizations this may even require a small team. It is recommended to “nominate” or hire dedicated people who are passionate about this role and have the right skill set to drive it to ensure success. Having this as an “on the side job” takes away from the momentum and dedication needed to launch a successful program. Similarly, persons with security knowledge but lacking the right communication and organizational skills to drive such a program can be a factor in its lack of success.
Artefacts
This job vacancy can be used when looking to hire a dedicated Security Champion Captain.