
What is a Security Champion? Definition, Necessity and Employee Empowerment

A New Kind of Hero: Security Champion

In today’s world of malware, ransomware, hacking, phishing and other never-ending threats, the need for employee vigilance has never been greater. How does a company accomplish this, especially a large organization with many different locations, networks and departments? Increasingly, many are finding the answer is creating the role of security champion.

In this article, we’ll define what a security champion is, why your company needs them and how to get your employees on board.

Security Champion: A Definition

First of all: what is a security champion? There is no single definition, as the role has evolved over time. When the term first appeared about five years ago, security champions were part of an AppSec or development team, and their job was to learn or understand basic security issues. The champion would then help bridge the gap between development and security, two departments that are often at odds with one another.

While that definition is still viable, a new concept of security champion has emerged that is less of a technical role and more of a spiritual one. In this version, a security champion is someone who serves as both mentor and cheerleader of sorts, engaging with and encouraging all employees to learn, adopt and remain committed to security protocols. These champions may not have as deep an understanding of security as someone in infosec or IT, but they know enough to answer basic questions and serve as a bridge between the infosec gurus and the ordinary employees.

Why You Need Security Champions

Security champions are an additional layer of protection and enforcement that adds more of a “human touch” than a traditional security officer or operations manager would. That is not to say those in infosec are icy, Spock-like people, but (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/kOmoV7bodBk/