Not Just a Security Team – a Security Champion

They aren’t part of the data security team, but according to this article at the InfoSec site,, all companies have security champs. They just need to identified. They enrich their respective teams and departments with their information security knowledge and the leadership that they provide to the team’s members. You can find them by incentivizing the responsibility that goes along with being a Security Champion, or using a survey that includes questions about general security proclivity, followed by questions that narrow strengths and skills. You can also monitor employees, keeping an eye out for those with an affinity for security. For example, if you hear someone advising a co-worker about avoiding a phishing scheme, or speaking knowledgeably about a recent ransomware attack, then you may have found a Security Champion. Some organizations need their Security Champion to focus on fundamental tasks including organizing security training, and testing and implementing security policies. Others will focus on higher-level security tasks, like development of information security test cases and performing threat modeling.