Engage your champions

To effectively engage security champions once they've been recruited, it's crucial to make participation in security activities both interesting and appealing, encouraging them to take on additional responsibilities beyond their regular IT roles. Engaging them can include involving them in real security incidents, sharing sensitive information under a 'need to know' basis, and giving them early access to new tools and policies to solicit their opinions. Regular communication through mailing lists and monthly one-on-one meetings can foster a sense of belonging and importance, while team-building events and participation in security communities like OWASP enhance camaraderie. By doing so, security champions feel valued and motivated, setting the stage for further development, such as providing them with specialized training in future initiatives.