What is a security champion? Definition, necessity and employee empowerment [Updated 2021]

A new kind of hero: Security champion

In today’s world of malware, ransomware, hacking, phishing and other never-ending threats, the need for employee vigilance has never been greater. How does a company accomplish this, especially a large organization with many different locations, networks and departments? Increasingly, many are finding the answer is creating the role of security champion.

In this article, we’ll define what a security champion is, why your company needs them and how to get your employees on board.

Security champion: A definition

First of all: what is a security champion? There is no one specific definition, as the role has evolved over time. When the term first appeared about eight years ago, security champions were part of an app sec or development team, and their job was to learn or understand basic security issues. The champion would then help bridge the gap between development and security, two departments that are often at odds with one another.

While that definition is still viable, a new concept of security champion has emerged that has less of a technical role and more of a spiritual one. In this version, a security champion is someone who serves as both mentor

Read More: https://resources.infosecinstitute.com/topic/what-is-a-security-champion-definition-necessity-and-employee-empowerment/