Champions Journey Planner

Build your Security Champions programme.

Follow our proven, step-by-step journey from planning to mature security culture. Track your progress and master each phase - your progress saves automatically in your browser.

0Stages
Completed
0Actions
Done
0%Journey
Progress
I am working on:
🚀
New Programme
Starting from scratch
🔄
Existing Programme
Reigniting or improving

🎯 What this is

Your personal, interactive guide to building a successful Security Champions programme. Based on real-world experience and the behavioural science principles from The Rise of the Security Champion. Five clear stages. 31 actionable steps.

✅ How to use it

  • Start with Stage 1 - expand it and work through the key actions
  • Check off actions as you complete them - progress saves automatically
  • Mark a stage complete to unlock the next one
  • Return any time - your progress persists in your browser

💡 What you will build

  • A structured Champions programme with clear goals
  • Engaged Champions who drive security culture
  • Measurable metrics and continuous improvement
  • A sustainable, scalable security culture programme
Ready to begin? Expand Stage 1 below to start your Champions journey. Each stage unlocks as you complete the previous one.
🚀
Current Phase
Getting Started
Ready to begin your Security Champions journey? Start with the planning phase to lay a solid foundation.
1
Planning & Foundation
Lay the groundwork for sustainable success
⏰ 2 - 4 weeks 🎯 6 key actions

Before launching your programme, you need executive buy-in, a clear business case, and an understanding of why Security Champions succeed where traditional approaches fail. This phase sets you up for long-term success.

🎯 Define Your Goals

Start with clarity on what you want to achieve:

  • What specific security behaviours need to improve?
  • What security outcomes matter most?
  • How will you measure success beyond activity metrics?
  • What realistic timeline are you working with?
💼 Build Your Business Case

Secure genuine executive sponsorship (not just approval) by:

  • Quantifying the cost of security incidents
  • Demonstrating how Champions reduce risk at scale
  • Showing realistic resource requirements
  • Connecting to existing business priorities
🏢 Assess Your Organisation

Understand your real context:

  • Organisational structure and team distribution
  • Existing security initiatives and their reputation
  • Available resources and constraints
✓ Key actions to complete
Document your programme goals and success criteria
Write down 3-5 specific, measurable goals
Build a business case presentation
Include cost-benefit analysis and risk reduction metrics
Identify and approach your executive sponsor
Schedule meeting and prepare your pitch
Map your organisational structure
Identify teams, locations, and potential Champion coverage
Define resource requirements
Time, budget, tools, and support needed
Secure executive sponsorship
Get formal commitment and visible support
📚 For detailed guidance see Chapters 1-3 in The Rise of the Security Champion
In Progress 0 of 6 actions completed
2
Design & Recruit
Build your Champions network structure
⏰ 3 - 6 weeks🎯 8 key actions
🔒

Design a network structure that fits your organisation's reality, recruit Champions who will actually engage, and define clear roles without overengineering.

🏗 Structure Your Network

Choose a coverage model that matches your organisation:

  • Team-based (1-2 Champions per team)
  • Geography-based (office/location coverage)
  • Technology-based (per platform/stack)
  • Hybrid approach (combination of above)

Key decision: start small (5-15 Champions) and scale from learning.

🎯 Recruit the Right People

Look for Champions who have:

  • Natural curiosity about security
  • Trust and respect within their teams
  • Communication skills (not necessarily technical depth)
  • Time and manager support
  • Motivation to help others
📋 Define Roles Clearly

Champions need to know what is expected:

  • Core responsibilities (must-do activities)
  • Optional activities (when they have time)
  • Realistic time commitment
  • Boundaries (what they do not do)
  • Support available from security team
✓ Key actions to complete
Choose your network structure model
Document coverage approach and target size
Create Champion role description
Include responsibilities, time commitment, benefits
Develop recruitment materials
Emails, presentation for team leaders
Launch recruitment campaign
Open applications and solicit nominations
Interview and select candidates
Assess motivation, availability, fit
Confirm manager support
Ensure Champions have time and backing
Announce your founding Champions
Make it visible and celebratory
Set up communication channels
Meetings schedule, shared documentation space
📚 For detailed guidance see Chapter 4 in The Rise of the Security Champion
Locked 0 of 8 actions completed
3
Launch & Develop
Build capability and create momentum
⏰ 8 - 12 weeks🎯 11 key actions
🔒

Launch with energy, build Champion capability through community (not just training), and establish sustainable engagement patterns before the initial excitement fades.

🚀 Launch Strong

Your launch sets the tone for everything:

  • Host a kickoff event (virtual or in-person)
  • Executive sponsor makes visible commitment
  • Set clear expectations and celebrate Champions
  • Make it feel important and exciting
📚 Build Capability

Focus on progression, not perfection:

  • Aware to Engaged to Contributing to Leading
  • Create spaces for peer learning
  • Focus on real problems, not generic training
  • Celebrate small wins publicly
🔄 Establish Rhythms

Create sustainable cadences:

  • Monthly Champion meetings (or async updates)
  • Regular one-to-one check-ins
  • Quarterly reviews and planning
  • Ongoing recognition (not just annual)
✓ Key actions to complete
Plan and execute launch event
Include executive sponsorship and clear programme vision
Create onboarding materials
Welcome pack, resources, quick-start guide
Establish meeting rhythm
Schedule first 3 months of Champion touchpoints
Build knowledge repository
Wiki, FAQ, or shared documentation space
Conduct one-to-one check-ins
Meet each Champion individually in first month
Define first quarter objectives
Small, achievable goals for early momentum
Establish recognition approach
How you will celebrate Champion contributions
Create feedback mechanisms
How Champions share challenges and suggestions
Document early wins
Track and share quick successes
Complete 3-month milestone review
Assess what is working, adjust what is not
Assess current security culture
Survey teams or conduct informal interviews
📚 For detailed guidance see Chapter 5 in The Rise of the Security Champion
Locked 0 of 11 actions completed
4
Measure & Optimise
Demonstrate value and improve continuously
⏰ Ongoing🎯 6 key actions
🔒

Build credible measurement frameworks, demonstrate value to different stakeholders, and use data to improve your programme continuously.

📊 Measure What Matters

Avoid vanity metrics - focus on meaningful indicators:

  • Champion engagement (not just head count)
  • Capability development over time
  • Team-level security behaviour changes
  • Programme sustainability metrics
  • Qualitative impact stories
💬 Demonstrate Value

Different stakeholders need different evidence:

  • Executives: business risk reduction, ROI
  • Security team: reduced burden, better coverage
  • Champions: personal growth, recognition
  • Managers: team capability improvement
🔄 Continuous Improvement

Use measurement to improve, not just report:

  • Regular Champion feedback surveys
  • Quarterly programme reviews
  • Testing new approaches
  • Learning from other organisations
✓ Key actions to complete
Define your core metrics
5-7 key indicators that actually matter
Build measurement processes
How and when you collect data
Create stakeholder reports
Tailored dashboards or updates for each audience
Conduct 6-month programme review
Comprehensive assessment with Champion input
Document lessons learned
What worked, what did not, why
Implement improvements
Act on feedback and data insights
📚 For detailed guidance see Chapters 6-7 in The Rise of the Security Champion
Locked 0 of 6 actions completed
5
Scale & Sustain
Mature your programme for long-term success
⏰ 12+ months🎯 Ongoing mastery
🔒

With a proven foundation, scale thoughtfully, embed Champions in organisational culture, and prepare for the future of security Champions work.

📈 Scale Thoughtfully

Grow based on success, not enthusiasm:

  • Expand to new teams and locations deliberately
  • Use existing Champions as mentors
  • Maintain quality over speed
  • Document scaling playbooks
🌿 Embed in Culture

Make Champions part of how you work:

  • Champions involved in onboarding new hires
  • Security Champion role in career paths
  • Integration with engineering practices
  • Champions shaping security strategy
🔮 Future-Proof Your Programme

Adapt to emerging trends:

  • AI and automation impact on Champion work
  • Distributed and remote team considerations
  • Evolving security threats and practices
  • Building programme resilience
📚 For detailed guidance see Chapters 8-9 in The Rise of the Security Champion
Locked Ongoing mastery phase

Want the full platform experience?

CyBehave Heroes gives you structured Champion journeys, XP, badges, measurement, and board-ready reporting - all built in.

Start free trial → Learn about Champions