Skip to content

5. Trust your champions


What

Trusting your champions is key to a successful Security Champions program. They are the eyes and ears of the organization and know exactly what their department’s security needs are.

Why

The Security Champions are the experts in their working area. A security team can never achieve that level of knowledge of the applications as they are not involved in the operational work. Using their expertise to set up the Security Champions program will increase the likelihood of success.

When making people responsible, it is key to allow them to understand and act according to the defined role. It will increase speed, but also increase involvement. Ideally the Security Champions co-own the program and strongly influence the direction and content. They can identify shortcomings and propose changes or give practical feedback on the matter.

Teams are more likely to trust their own champions as they are “one of their own” and not an “outsider” from the Security Team. They speak the same language and understand the context. This will lead to more effective communication, better collaboration and reduced resistance to change.

In summary, trust is the glue that holds a Security Champions Program together.

How

Trust is all about setting clear expectations. It should be clear to everyone involved what the Security Champions’ role is about and what their mandate is. Don’t be afraid to let your champions experiment with different approaches. Their lessons learned can be a valuable input to other departments, sharing is caring!

Give your Security Champions the mandate to make decisions on security within the risk appetite of your organization. By being in control and removing inefficiencies, they can add a lot of value to their teams and increase the security adoption & awareness. Do make sure they share their approach and reasoning to make sure the Security Champions can learn from each other and give constructive feedback.This way the organization can improve security related initiatives, decision making and processes..

Also involve the security champions in the processes of the core security team. Seek their input and opinions on security initiatives, policies, and practices to make them feel valued as active contributors. Use their feedback to improve the program, processes, and procedures.

Measure and showcase the impact that the Security Champions and the program make. Demonstrate how their efforts have positively influenced security outcomes, highlighting the value they bring to the organization. This will build up the Security Champions’ trustworthiness and boost morale.