Recruiting Security Champions

In the previous article, ‘Building Security Champions’, we covered what champions are, why you need them, and our plan to make an amazing program.

The #1 most important rule of recruiting security champions is that you must attract them. Do not “voluntell” someone to be a security champion. That person is not going to do their best for you, and they certainly won’t enjoy the experience. Attract the right people instead of forcing them.

How does one ‘attract’ champions?

Perform Outreach

• Use lunch and learns to teach about security
• Arrange security training
• Anyone who asks questions or attends all the events is a potential champion
• Use interesting titles for events if you can
• Add a note to your email signature, saying you are looking for champions
• Put a sign on the fridge in the kitchen
• Talk about it at the all-staff meeting
• Send an email to all of IT

Observe

Pay attention to who responds, attends events, asks questions, and who is ‘always there’. Those are the people you need.

Adjust Your Attitude

Change your team’s mantra to “I am here to serve you” and your team will attract even more candidates. Saying “you are my customers” to the rest of IT if you are a security professional, is basically the truth. Plus, you always get more bees with honey.

#2 most important rule of recruiting: ensure their manager is on board. You don’t want this person to have to fight to do work for you or feel conflicted. Ensuring their manager is comfortable.

In the next article, we will talk about how to engage your champions (which will result in you finding even more).