Editor's Notes: John Haren is the head of security awareness for Diageo and one of the speakers for the upcoming EU Security Awareness Summit in London on 10 July. Below he discusses what his talk will be on and what you will learn from it.
Hi folks — I'm John Haren and I will be presenting in London on my experience around creating a network of security champions. I have worked for Diageo for 16 years in a variety of IT roles and I've been in the Information Security area for the last 4 years. I'm married with three children (14, 11, 7) and live just outside Dublin in Ireland. This family life does, as you can imagine, make life very challenging when managing the Governance, Risk & Compliance side of the Information Management & Security team at Diageo. So much rapid change at home and work certainly keeps it interesting! So what will my talk be about?
In 2013 we created a Security Champions network in Diageo across our 21 markets globally. Security Champions are volunteers throughout the organization who receive basic security training and help spread the awareness program. They are a cost effective way to embed security throughout the organization. Given limited resources, we had a clear vision of what we wanted to achieve and we took a top-down approach for gaining support for the initiative. We developed SMART objectives with a view to slowly and demonstrably driving value for Diageo employees and management over time. This is the story of how we achieved mutual benefit both for us in the central Security team and for the market Security Champions & their colleagues.
I feel this is an important topic because budgets are continually being squeezed and central Information Security teams, particularly in global organisations, have fewer resources (both people and financial) as a result. It is vital that we use extended teams to help get our critical messages out there — and we can do this because there is a pull from those teams both to help their own parts of the business and their colleagues but also from interested individuals who find Information Security fascinating.
I hope you will benefit from this presentation by understanding the steps we took to get to our goals — what worked well and the challenges we faced. I want to portray some of the variety of ways we have tried to keep the entire program interesting, relevant and how we've tried to have fun with it. By seeing a real life example of the process we undertook I believe you'll have the key takeaway activities and the confidence to go and do it in your own environment.
I'm really excited about taking part in this summit and hope you can turn up to swap stories from your own organization so we can all build our capability in this area. Looking forward to seeing you there.