SCN #9: New Year, New Security Resolutions
A Roadmap to Strengthen Your Champion Program
Hello and welcome to our first Security Champion Newsletter of 2025!
It’s that time of year again - fresh starts, ambitious goals, and the perfect moment to reinforce the security culture within our organizations. In this first newsletter of the year, we’re focusing on Security Resolutions and providing you with practical insights to ensure they truly stick.
If your resolution is to build (or level up) a security champion program, you’re in the right place. Below, we’ve created a four-step roadmap, from laying a solid foundation to securing executive buy-in, featuring some of our favorite resources and conversations from leaders in the field. Let’s dive in!
💪 Security Resolution #1: Establish a Strong Foundation
Build your program on proven principles and a robust framework
Why This Matters:
Irfaan Santoe, OWASP Netherlands chapter leader and creator of the OWASP Security Champions Guide, breaks down the essential building blocks of a champion program.
Learn how a structured guide can streamline your efforts, keeping you focused on the right activities at the right time.
Perfect for teams or organizations just kicking off their champion journey or those looking to refine an existing structure.
Listen In: Dive into Irfaan’s motivations behind the project, real-world success stories, and practical tips to ensure you’re building on solid ground.
📈 Security Resolution #2: Foster Engagement & Measure Success
Keep everyone excited, accountable, and on track
Why This Matters:
Dustin Lehr (Co-Founder at Katilyst) explores how to keep security champions motivated over the long haul, emphasizing the power of culture and leadership support.
Discover how behavioral science and gamification (using frameworks like Octalysis) can transform training from a ‘check-the-box’ task into a thriving, value-added practice.
Get actionable ideas on measuring success and maintaining buy-in at every level, so your resolutions don’t lose steam by mid-year.
Tune In: Walk away with fresh perspectives on engagement strategies, leadership alignment, and making security a collaborative rather than a top-down mandate.
🏋️ Security Resolution #3: Turn Developer Pain Points Into Strengths
Shift from frustration to empowerment
Why This Matters:
Gartner highlights common stumbling blocks in software security - tools, processes, or cultural barriers - and provides a strategy to flip them into opportunities for developer growth.
Whether you’re dealing with noisy tools, unclear requirements, or limited security expertise, this resource offers a clear path to elevating your dev teams.
Invaluable for teams that want to see real, positive change quickly while maintaining momentum on broader security resolutions.
Read On: Transform everyday hurdles into stepping stones toward a more resilient, engaged development organization.
🤝 Security Resolution #4: Secure Executive Alignment & Scale
Gain the top-down support you need to sustain lasting change
Why This Matters:
Executive sponsorship is critical for keeping security champion programs funded, prioritized, and recognized. This guide dives into the frameworks CISOs and other leaders use to champion their champions.
Learn how to quantify the value of your program, using metrics that matter most, and communicate them effectively to the C-suite.
Perfect if you’re ready to take your security champion efforts to the next level and want to ensure a supportive, scalable environment.
Dig In: From shaping the program’s vision to measuring ROI, this guide offers tangible advice for rallying organization-wide support.
By following this Resolution Roadmap - from setting a strong foundation with OWASP’s guidance, to nurturing engagement with behavioral science, to conquering developer pain points, and finally aligning executive support - you’ll be well on your way to building a security champion program that stands the test of time.
Here’s to a new year filled with meaningful progress, stronger collaboration, and unwavering commitment to secure development. We’d love to hear about your own resolutions: What’s your biggest security champion goal for 2025? Drop us a note or share on LinkedIn to keep the conversation rolling!
Stay tuned for more tips, stories, and interactive sessions as we continue championing the cause of secure development together. Until next time, Happy New Year and happy championing!
- The Katilyst Team