(Over)Communication with your security champions

To maintain the momentum and interest in a security champions program, it's crucial to prioritize consistent communication and realistic pacing. Overloading participants with activities in the initial stages can lead to burnout and program neglect, as evidenced by security teams who start strong but later falter. A recommended approach includes monthly 30-minute meetings with each champion, a lunch and learn session, and a monthly email update, ensuring engagement without overwhelming participants who already have full-time responsibilities. During meetings, open-ended questions encourage meaningful dialogue, while notes and action items ensure accountability. Lunch and learn sessions should be engaging and relevant, focusing on specific skills or topics requested by participants. Monthly emails, even when other activities aren't feasible, serve as reminders that the program is ongoing and valued, offering updates on events, policies, and relevant security media. The article emphasizes that maintaining regular touchpoints, even through simple emails, can prevent the program from fading and ensure its continued success.