Security champions should be an integral part of your security team. When this position was first introduced five or so years ago as part of the cybersecurity structure, the security champion was someone from the development team whose role was to bridge the gap between development and security. The role of security champion has morphed a bit over the years, moving beyond just the technical aspects and acting as a security mentor or liaison for the overall organization.
As cybersecurity becomes more of a business operations concern, security champions play an increasingly important role in establishing an organization's security culture. Their roles range from training their co-workers in best security practices to assisting with security audits to threat reporting. All organizations need security champions to address cybersecurity threats, but how do you select the right people for the role?
According to the OWASP Security Champions Playbook, there are six points to follow when selecting security champions. They are:
Your security champions, whether it is one person representing the organization or a team of people, should meet OWASP's playbook recommendations. Security champions don't have to be part of the organization's leadership team, but they should show leadership skills because they will be tasked with helping others follow security best practices. Those tasked with finding security champions should look for someone who has already proven an interest in cybersecurity: for example, someone who volunteers to assist with audits or regularly recognizes and reports potential attacks. Potential security champions should also demonstrate good people and communication skills, as they will be asked to mentor other employees and lead security awareness training.
Cyber threats are increasing and growing more sophisticated. By choosing good security champions to provide a link between all facets of the organization and the security team, you add another layer of protection for your network and data.