9. Invest in your champions

What

Invest in the personal growth and development of your Security Champions.

Why

Security doesn't come for free and requires investments. These investments also show the organization that security is taken seriously and boost the morale of the Security Champions. Without proper investments, the security program and security culture can quickly degrade.

Security Champions spend a lot of effort in learning, sharing and promoting security in the organization and play an important role in the security culture of a company. Don’t take the motivation of the Security Champions for granted. The organization should invest in them to make sure they feel appreciated and facilitate their development. This ensures the Security Champions community stays healthy and continues to drive the security program.

How

By formally allocating time for security activities the Security Champions can combine security work with their other responsibilities. This investment will increase the quality and reduce the amount of rework and incidents.

Allocate budget for webinars, conferences and training to ensure Security Champions can develop and gain new knowledge. These new insights can uncover vulnerabilities and will most likely improve the quality and throughput time of the deliverables. Internal workshops, sessions, training and events are a great way to share knowledge within the organization and get new people excited for security.

Introduce job titles/specialized roles to give recognition to the Security Champions. Bonuses and promotion can be an additional incentive for employees to take security seriously and walk that extra mile.