Security Awareness Blog

Awareness Ambassador Programs - Pumping Up The Volume

A common challenge with awareness programs for large organizations is no one single awareness officer can effectively communicate to everyone. As a result, larger organizations will sometimes build an ambassador program, these are volunteers that help represent the security awareness team and share best practices, answer simple security questions and can be a conduit between their peers and the security team. Sometimes these ambassadors have some additional training. The idea is these ambassador programs help compliment the awareness program and expand its reach.

Recently I had the thrill of working with an organization that took this concept to a whole new level, where the ambassador program WAS their security awareness program. Individuals were carefully selected throughout the organization to become official security ambassadors. Each one of these individuals received a full day of initial training with planned follow-on training. In addition to training these ambassadors had their own website which provided updated information and resources, forums for internal ambassador communications, and even their own local budgets. In addition, these ambassadors were recognized for their training and efforts with official certificates and plaques. You know a multi-billion dollar organization is serious about its awareness program when both the CIO and CISO are there to personally assist with the ambassador training.

This was amazing to see in action as I saw the power of individuals communicating with their co-workers. These ambassadors understand the challenges their peers face, how to best to communicate to and engage them and change their behaviors. I also learned that while people throughout the organization faced the same common challenges (such as co-workers simply not realizing they are a target) each ambassador would approach and address these issues differently.

I'm really excited about this concept and look forward to seeing how it grows and develops.

 

2 Comments

Posted September 6, 2013 at 12:09 PM | Permalink | Reply

Peter Higgins

Timely, Thank You for sharing. As the IT Security Officer for our company I created a virtual team : IT Security Working Group comprised of other staff who are passionate about doing Security right. We have a bi-monthly Security Awareness Newsletter, written by team members on a rotational basis and vetted by our Communications department. A Low Cost option to engage other staff.

Posted September 6, 2013 at 3:37 PM | Permalink | Reply

lspitzner

Very cool Peter! If you can share any more details or examples of how it has helped, please share!