Security BSides London 2019

In this presentation, we will look at how to maximise your security awareness programme and improve incident response by developing a security champions programme. A security champions programme is a network of people within an organisation who are not cybersecurity professionals but work as a security representative, functioning in much the same way as health and safety officers. This can be a great way of scaling up your awareness-raising, improving two-way communications between the infosec team and the rest of the organisation, enhancing security without needing a big budget and improving the likelihood of an employee reporting an incident. But, building and maintaining a champions programme from scratch can feel daunting. It's also very important to align a champions programme with your company culture, which means you need to understand your current culture, how long culture-change can take and what elements of culture will be impacted by a champions programme. That’s where we come in! In this talk, Kevin Millwood and Jessica Barker will use their real-world experience of champion programmes to outline:



· Why a champions programme can be such a good idea for cybersecurity
· Steps you can take to establish a champions programme from scratch
· Why cybersecurity culture matters, including defining what we mean by "cybersecurity culture"
· How you can get busy people to become security champions when it is not part of their day job (and they won’t get paid for it)
· Ways to monitor the effectiveness of your champions programme
· What some of the pitfalls of a champions programme are, and how to avoid them


If you’re interested in the human side of cybersecurity and you want to make people the strongest link in your security, this is the talk for you.