Three things to remember when you’re setting up a security champions programme image

Three things to remember when you’re setting up a security champions programme

OK, I confess, the start of 2024 was not all it was cracked up to be for me. That was until I hosted our first Layer 8 Champions® community meetup of the year on 6 February.

I went from feeling worn out to totally energised in the space of just a few hours. Surprising what a good conversation and a Zoom room full of awesomeness can do!

Let me get you up to speed on Layer 8 Champions® community meetups. For now, it’s a virtual space where awareness, culture and training specialists/enthusiasts get together to share ideas and successes, and resolve challenges encountered within their security champions programmes. And these sessions are now regularly attended by people all over the world.

Bringing plenty of sparkle and wisdom, the meetup started with an open and frank panel discussion between our three guest speakers. Meri Roboçi and Robin Bylenga represent a global financial institution, and have just started their programme. Becca LaFoy also joined us from Medtronic, a global medtech organisation, where she’s been running a security champions programme for more than 7 years. Suffice to say their advice was pretty cool, and the attendees thought so too.

Here are a few points that really caught my attention:

  • Analysis paralysis! This phrase came up in discussion – and personally I love it. How often do we sit there with a task and spend way too much time considering all the options? Sometimes, we just need to get started. When analysis paralysis was mentioned, a number of others agreed it had been a problem for them too. So in the spirit of the community, we focused on finding solutions for this and talked about the critical success factors that needed to be in place for a minimal viable programme.
  • The second gem was to ‘make it risk based and measure’. Getting clarity right at the start about the purpose and outcomes of your programme makes it really easy to measure.  And there doesn’t need to be hundreds, you could start with one outcome, like increasing phishing reporting rates, and build from there.
  • And finally, we stopped to remember that new security champions probably don’t come from a security background. Starting with the basics is both necessary and welcomed.

Head to the Layer 8 Champions® Hub for the full resource – available to download now.

So why did I start out feeling like I was running on empty? Well, one of the reasons was because I’d been flat out working on a brand new proof of concept. It’s for people who simply want access to training and materials, plus some one-on-one support to set up and run their security champions programme. I’m currently in the research phase, and having super some valuable conversations with the community to find out what they need. We’ll launch the proof-of-concept later this year, and in return for your feedback we’ll be offering a discount for pilot participants.

If you’d like to talk about this in more detail, get in touch with us today.

News & Views

Take a look at some of our other posts