CyBehave Logo

Build Your Security Champions Programme

Follow our proven, step-by-step journey from planning to mature security culture. Track your progress and master each phase.

0 Stages
Completed
0 Actions
Done
0% Journey
Progress

Your Interactive Champions Journey

A practical, trackable roadmap from planning to mature security culture

I'm working on:
🚀
New Programme Starting from scratch
🔄
Existing Programme Reigniting or improving
đŸŽ¯

What This Is

This is your personal, interactive guide to building a successful Security Champions programme. Based on real-world experience and behavioural science principles from "The Rise of the Security Champion", this journey breaks down the entire process into 5 clear stages with 38 actionable steps.

✅

How to Use It

  • Start with Stage 1: Expand it and work through the key actions
  • Check off actions as you complete them - your progress saves automatically
  • Mark a stage complete when you're done to unlock the next one
  • Track your progress with the circular dials and progress bar above
  • Return anytime: Your progress persists in your browser
💡

What You'll Build

By the end of this journey, you'll have:

  • A structured Champions programme with clear goals
  • Engaged Champions who drive security culture
  • Measurable metrics and continuous improvement
  • A sustainable, scalable security culture programme

Ready to begin? Expand Stage 1 below to start your Champions journey. Each stage unlocks as you complete the previous one.

🚀
CURRENT PHASE

Getting Started

Ready to begin your Security Champions journey? Start with the planning phase to lay a solid foundation.

1

Planning & Foundation

Lay the groundwork for sustainable success

⏱ī¸ 2-4 weeks đŸŽ¯ 7 key actions 📚 Chapters 1-3
â–ŧ

Before launching your programme, you need executive buy-in, a clear business case, and an understanding of why Security Champions succeed where traditional approaches fail. This phase sets you up for long-term success.

đŸŽ¯ Define Your Goals

Start with clarity on what you want to achieve:

  • What specific security behaviours need to improve?
  • What security outcomes matter most to your organisation?
  • How will you measure success beyond activity metrics?
  • What realistic timeline are you working with?

Remember: Champions programmes fail when they try to do everything. Start focused.

đŸ’ŧ Build Your Business Case

Secure genuine executive sponsorship (not just approval) by:

  • Quantifying the cost of security incidents
  • Demonstrating how Champions reduce risk at scale
  • Showing realistic resource requirements
  • Connecting to existing business priorities
  • Preparing for common objections

đŸĸ Assess Your Organisation

Understand your real context (not an idealised one):

  • Organisational structure and team distribution
  • Current security culture and maturity
  • Technical landscape and tooling
  • Existing security initiatives and their reputation
  • Available resources and constraints

✓ Key Actions to Complete

Document your programme goals and success criteria
Write down 3-5 specific, measurable goals
Build a business case presentation
Include cost-benefit analysis and risk reduction metrics
Identify and approach your executive sponsor
Schedule meeting and prepare your pitch
Map your organisational structure
Identify teams, locations, and potential Champion coverage
Assess current security culture
Survey teams or conduct informal interviews
Define resource requirements
Time, budget, tools, and support needed
Secure executive sponsorship
Get formal commitment and visible support
💡 For detailed guidance: See Chapters 1-3 in "The Rise of the Security Champion"
In Progress 0 of 7 actions completed

2

Design & Recruit

Build your Champions network structure

⏱ī¸ 3-6 weeks đŸŽ¯ 8 key actions 📚 Chapter 4
â–ŧ

Design a network structure that fits your organisation's reality, recruit Champions who'll actually engage, and define clear roles without overengineering.

🏗ī¸ Structure Your Network

Choose a coverage model that matches your organisation:

  • Team-based (1-2 Champions per team)
  • Geography-based (office/location coverage)
  • Technology-based (per platform/stack)
  • Hybrid approach (combination of above)

Key Decision: Start small (5-15 Champions) and scale based on learning.

đŸŽ¯ Recruit the Right People

Look for Champions who have:

  • Natural curiosity about security
  • Trust and respect within their teams
  • Communication skills (not necessarily technical depth)
  • Time and manager support
  • Motivation to help others (not just advance their career)

Balance volunteers (high motivation) with nominations (good coverage).

📋 Define Roles Clearly

Champions need to know what's expected:

  • Core responsibilities (must-do activities)
  • Optional activities (when they have time)
  • Time commitment (realistic estimate)
  • Boundaries (what they don't do)
  • Support available from security team

✓ Key Actions to Complete

Choose your network structure model
Document coverage approach and target size
Create Champion role description
Include responsibilities, time commitment, benefits
Develop recruitment materials
Posters, emails, presentation for team leaders
Launch recruitment campaign
Open applications and solicit nominations
Interview/select candidates
Assess motivation, availability, fit
Confirm manager support
Ensure Champions have time and backing
Announce your founding Champions
Make it visible and celebratory
Set up communication channels
Slack channel, meetings schedule, documentation
💡 For detailed guidance: See Chapter 4 in "The Rise of the Security Champion"
Not Started 0 of 8 actions completed

3

Launch & Develop

Build capability and create momentum

⏱ī¸ 8-12 weeks đŸŽ¯ 10 key actions 📚 Chapter 5
â–ŧ

Launch with energy, build Champion capability through community (not just training), and establish sustainable engagement patterns before the initial excitement fades.

🚀 Launch Strong

Your launch sets the tone for everything:

  • Host a kickoff event (virtual or in-person)
  • Executive sponsor makes visible commitment
  • Set clear expectations and celebrate Champions
  • Make it feel important and exciting

📚 Build Capability

Focus on progression, not perfection:

  • Aware → Engaged → Contributing → Leading
  • Create spaces for peer learning
  • Build collective knowledge base
  • Focus on real problems, not generic training
  • Celebrate small wins publicly

🔄 Establish Rhythms

Create sustainable cadences:

  • Monthly Champion meetings (or async updates)
  • Regular 1:1 check-ins
  • Quarterly reviews and planning
  • Ongoing recognition (not just annual)

✓ Key Actions to Complete

Plan and execute launch event
Include executive sponsorship and clear programme vision
Create onboarding materials
Welcome pack, resources, quick-start guide
Establish meeting rhythm
Schedule first 3 months of Champion touchpoints
Build knowledge repository
Wiki, FAQ, or shared documentation space
Conduct 1:1 check-ins
Meet each Champion individually in first month
Define first quarter objectives
Small, achievable goals for early momentum
Establish recognition approach
How you'll celebrate Champion contributions
Create feedback mechanisms
How Champions share challenges and suggestions
Document early wins
Track and share quick successes
Complete 3-month milestone review
Assess what's working, adjust what's not
💡 For detailed guidance: See Chapter 5 in "The Rise of the Security Champion"
Locked 0 of 10 actions completed

4

Measure & Optimize

Demonstrate value and improve continuously

⏱ī¸ Ongoing đŸŽ¯ 6 key actions 📚 Chapters 6-7
â–ŧ

Build credible measurement frameworks, demonstrate value to different stakeholders, and use data to improve your programme continuously.

📊 Measure What Matters

Avoid vanity metrics, focus on meaningful indicators:

  • Champion engagement (not just head count)
  • Capability development over time
  • Team-level security behaviour changes
  • Programme sustainability metrics
  • Qualitative impact stories

đŸ’Ŧ Demonstrate Value

Different stakeholders need different evidence:

  • Executives: Business risk reduction, ROI
  • Security team: Reduced burden, better coverage
  • Champions: Personal growth, recognition
  • Managers: Team capability improvement

🔄 Continuous Improvement

Use measurement to improve, not just report:

  • Regular Champion feedback surveys
  • Quarterly programme reviews
  • A/B testing new approaches
  • Learning from other organisations

✓ Key Actions to Complete

Define your core metrics
5-7 key indicators that actually matter
Build measurement processes
How and when you collect data
Create stakeholder reports
Tailored dashboards or updates for each audience
Conduct 6-month programme review
Comprehensive assessment with Champion input
Document lessons learned
What worked, what didn't, why
Implement improvements
Act on feedback and data insights
💡 For detailed guidance: See Chapters 6-7 in "The Rise of the Security Champion"
Locked 0 of 6 actions completed

5

Scale & Sustain

Mature your programme for long-term success

⏱ī¸ 12+ months đŸŽ¯ Ongoing mastery 📚 Chapters 8-9
â–ŧ

With a proven foundation, scale thoughtfully, embed Champions in organisational culture, and prepare for the future of security Champions work.

📈 Scale Thoughtfully

Grow based on success, not enthusiasm:

  • Expand to new teams/locations deliberately
  • Use existing Champions as mentors
  • Maintain quality over speed
  • Document scaling playbooks

🌱 Embed in Culture

Make Champions part of "how we work":

  • Champions involved in onboarding new hires
  • Security Champion role in career paths
  • Integration with engineering practices
  • Champions shaping security strategy

🔮 Future-Proof Your Programme

Adapt to emerging trends:

  • AI/automation impact on Champion work
  • Distributed/remote team considerations
  • Evolving security threats and practices
  • Building programme resilience
💡 For detailed guidance: See Chapters 8-9 in "The Rise of the Security Champion"
Locked Ongoing mastery phase