In order to have a continuous and successful Security Champions ecosystem, it's crucial to constantly support them and provide with learning materials. Below you can find several ways to maintain Champions' interest and help them evolve as security professionals.
Conduct periodic workshops for the teams, explain the strategy, promote best practices, or just share some recent news from the security world. Organize an interactive quiz, announce Hacker Thursday or start a "Month of bugs". Talk to the Champions and together decide what format is the most suitable for you. No matter what format you're going to choose, it's probably the most important point throughout the whole Playbook. Keep them motivated, and you'll be pleasantly surprised very soon!
Let Champions practice on exciting challenges through contests and hackathons. A quarterly internal CTF can be easily set up using CTFd, or you can choose an external event from CTF Time. Hacking days can also be interesting, either for finding or fixing vulnerabilities. Besides being useful and fun, these events can also help establishing a baseline of the maturity of the Champions. Identified weak points can be further adressed in training sessions. Don't underestimate the power of SWAGs to increase engagement rates!
Share recent security news via established communication channels (such as Ezine weekly appsec compilations). Additionally, start monthly security newsletters with updates from the teams, plans, recognitions for the good work and any other relevant and interesting information - this won't only engage Champions even more but will be a good checkpoint, also for your security program.
Create a separate space in your internal wiki and add there dedicated pages such as:
- conference calendar (start here)
- security library of good books and articles (start here)
- slides from attended conferences (or start here)
- "rooms for ideas and improvement"
Start a local chapter or join an existing one, and invite Champions to learn and share! This is one more great way to socialize, meet with peers and discuss actual problems, news and ideas.
| << Previous page | Main page | To Afterword >> |
|---|