Security Awareness Blog

Security Champions Program - At the EU #SecAwareSummit

CassieClarkEditor's Note: Cassie Clark is a Security Community Manager for Salesforce. She is one of the speakers for the upcoming Security Awareness Summit 6/7 December in London. Below she gives an overview on her upcoming workshop on Establishing Security Champions Programs.

Have you heard of the employee engagement training programs called Security Champions? Ever considered starting a Security Champions program at your company? These increasingly popular initiatives can be a great way to reach your employees about security in a deeper way that scales. Champions programs (also called Ambassadors, Advocates, Sentinels, etc.) identify and train volunteers in your organization to help you improve your overall security. This is an extremely effective way to scale your awareness program and embed security throughout your company. At Salesforce, we use our Champions program to connect developers and engineers with security training and tools, empowering them to work on security efforts in conjunction with the Security team. This builds effective partnerships with our engineers that allow for greater collaboration and attention to security. These programs are growing exponentially in interest, but many security awareness practitioners don't know where to start or how to grow an existing program.

I can help! I manage the Security Champions community at Salesforce, which consists of hundreds of Champions. We offer them customized training and access to tools, but I believe that what makes our program successful is our emphasis on community building. I help Security build relationships with our developers and engineers, infusing a sense of "Ohana," or family, into our Champions program. This motivates our Champions to continue participating and creates a sense of ownership around security. Each Champions program operates differently at different companies, and that's what we're going to talk about at the SANS Summit in December. My fellow presenters and I will workshop with you about how to build and scale a dynamic Champions program, including:

  • Commonalities and the "bare bones" of these types of programs
  • Variables in each program that differ across companies
  • Our unique experiences with Champions programs

We'll also provide plenty of time for you to brainstorm about your own Champions program and answer questions you may have about the process. When you walk away, you will:

  • Learn what a Champions program is and if it's a good fit for your company
  • Know what your program needs/would need to be successful
  • Begin to build a program plan that's unique to your company needs
  • Know how to get leadership support for your program (a must!)
  • Understand how to motivate employees to join a Champions program
  • Know how to create effective metrics for your program

Come prepared to see the intersections of security, training, and community. See you in London!

BIO: Cassie Clark is a security community manager for developers and engineers at Salesforce. She encourages secure coding at Salesforce by engaging developers through strategic partnership initiatives, education, and an incentive-based approach to behavior change. She focuses on building community and infusing culture through her work. She is particularly proud of her use of outdated, nerdy pop culture references.