Skip to content

6. Create a community


What

A community provides a platform for security champions to share knowledge, experiences, challenges, and best practices with each other. A community furthermore helps to foster a culture of security awareness, collaboration, and continuous learning among the security champions and their teams. A community can provide recognition, feedback, and support for the security champions.

Why

Creating an active and vibrant community of Security Champions is vital to the success of any Security Champions Program and provides an additional channel to scale the security program.

How

To create a community for a security champions program, the following should be considered:

  • Start by defining a clear purpose, goals, and scope of the community. This should be aligned with the vision of the security champion’s program (see pillar 2). What are the expected outcomes and benefits of the community? Define measurable success criteria and appoint a person to continuously monitor the status of success in the community. This can be the dedicated captain or one of his/her team members in case the security champions program is led by multiple individuals.

  • Define how the community will align with the organization’s security strategy and objectives. The dedicated captain and/or some champions will attend security strategy update sessions, or security executives will provide periodic updates in the security champions' community on strategy and execution.

  • Establish regular communication and collaboration channels for the security champions to interact with each other and with the security team. This can include online forums, chat groups, mailing lists, social media platforms, shared workspaces that allow the security champions to ask questions, share ideas, discuss issues, provide feedback, etc.

  • Organize periodic events and activities for the security champions to engage with the community and learn from each other. This can include meetups, hackathons, workshops, presentations, demos, games, quizzes, etc. that showcase security projects, achievements, challenges, solutions, etc.

  • Recognize and reward the security champions for their contributions and achievements. This can include certificates, badges, trophies, prizes, opportunities to speak about security topics in the name of the organization, etc. to acknowledge and appreciate the security champions’ efforts and impact on improving security in the organization. Refer to pillar 8 for more details.

  • Provide group training opportunities to foster the sense of community and encourage security champions to learn from each other. A security champion with a lot of knowledge in a specific area can serve as a teacher to others in the community. They can develop (online) courses, workshops, webinars, podcasts, newsletters, blogs, etc for the security champions community. The dedicated captain has a big role in enabling this and providing the resources necessary to achieve this.