SCN #11: Spring Forward with a Fresh Take on Your Champion Resolutions

Author

Stanley Harris
March 20, 2025

As the days get warmer (or cooler, depending on your hemisphere!), there’s no better time to reinvigorate your security champion journey. This month, we’re shining a spotlight on how to bring development and security teams together, sharing insights from AWS on the power of gamification, and highlighting advanced ways to keep your dev teams motivated - building on the New Year’s resolutions we kicked off back in January!

🔦 Champion Spotlight: The Psychology of Influence & Metrics

Springboard for Your Resolutions:

  • Empower Your Allies: Learn how to identify (and reward!) champions who can rally the developer crowd around security best practices.

  • Build a Culture of Trust: Dustin Lehr shares tried-and-true methods to communicate issues without alienating engineers.

  • Behavioral Secrets: Why understanding intrinsic motivation can make or break your champion program’s success.

  • Measuring Progress: Know which metrics matter most when you’re scaling up vulnerability management.

Check It Out: If you’re a resolution-maker looking to keep the momentum going, this webinar’s real-world guidance will help you stay on track, and even bloom 🌸 in March!

⚡️Drive Adoption & Energy: How to Gamify Digital Transformation

Gamifying Digital Transformation: Drive Adoption Through Engagement | Amazon Web Services

Digital transformation can offer organizations improved efficiency, enhanced customer experiences, and the ability to stay competitive, but the journey is often fraught with challenges. One key hurdle is motivating employees to embrace new technologies and ways of working. An innovative approach to overcoming these challenges is gamification, a strategy that uses game-like elements to engage […]

aws.amazon.com/blogs/enterprise-strategy/gamifying-digital-transformation-drive-adoption-through-engagement

A Fresh Twist for March:

  • Renewed Engagement: With a new season comes new energy - channel it via leaderboards, progress trackers, or playful challenges that drive friendly competition.

  • Team Bonding: Collaborate across squads for bigger gains. “We succeed together” fosters long-lasting security culture, not just short-term checklists.

  • Real-Time Feedback: Nudging developers with instant progress bars or milestone celebrations keeps them in the loop and motivated.

Try This: Kick off a “Spring Cleanup Challenge” where devs race to eliminate stale vulnerabilities or outdated libraries. Celebrate every victory, no matter how small!

📚️ Developer-First Training: A Fresh Take on Threat Modeling

Key Themes:

  • Keeping It Relevant: Generic slides are out - real code examples and interactive labs are in.

  • Threat Modeling 101: Empower developers to spot potential issues long before production - saving time, money, and stress.

  • Proactive Culture: Move from simple compliance to a forward-thinking approach that sparks continuous learning.

Pro Tip: Spring is a great time to schedule a “Threat Modeling 101” workshop with champion-led breakouts. Let your dev teams flex their skills on upcoming features!

📆 Upcoming Events & Conferences

Keep that spring in your step by joining us in person at these can’t-miss gatherings. Let’s compare notes on champion programs, see what’s blossomed since January, and get practical tips you can take back to your organization.

  1. BSides Charlotte

    • Date: April 5–6, 2025

    • Location: Charlotte, NC (In-Person)

    • URL: bsidesclt.org

    • Come Say Hi: We’ll be onsite discussing how to refine your champion strategies - bring your top challenges!

  2. BSides SF

    • Date: April 26–27, 2025

    • Location: San Francisco, CA (In-Person)

    • URL: bsidessf.org

    • Don’t Miss: Marisa Fagan (Head of Product, Katilyst) on Sunday, April 27 at 11:15 AM PT - unpacking “The Four Tribes of Security Champions.” Benchmark your program style against The Apprentices, The Fan Club, The Learners, and The Sentinels!

  3. RSA Conference

    • Date: April 28–May 1, 2025

    • Location: San Francisco, CA (In-Person)

    • URL: rsaconference.com

    • Session Alert: Champions of Change: Successes & Setbacks of Cyber Ambassador Programs

      • When: Wed, April 30, 1:15–2:05 PM PT

      • Speakers: Jessica Barker (Cygenta), Marisa Fagan (Katilyst), Tanya Janca (Semgrep), Heather Reed (Nestlé)

      • Why Attend: Real-world insights on champion/ambassador programs - what keeps them thriving vs. what makes them fall apart.

Wrapping Up: Spring Your Program Forward

Whether you’re sprouting new champions or nurturing seasoned experts, March is the perfect time to revisit and refresh your security culture. Keep your eyes on the big prize: an engaged developer community that sees security as a natural extension of quality code.

Ready to Bloom?

  • Try a new gamification tactic.

  • Host a micro-threat-modeling session next week.

  • Share a champion success story in your next all-hands.

Whatever you do, remember that continuous growth beats a one-time flourish. Let’s keep those resolutions (and your champion program) thriving!

Stay Inspired ☺️,
The Katilyst Team