Security Champion Blog

At Katilyst, we’ve found that the biggest barrier to strong threat modeling isn’t technical knowledge—it’s engagement. Even with the best frameworks (STRIDE, PASTA, etc.), teams tune out if threat modeling becomes a rote checklist. That’s why we set out to transform it into an epic quest. Inspired by tabletop RPGs like Dungeons & Dragons, our approach gives security champions the tools to lead fun, collaborative, and genuinely productive threat modeling sessions.

Points aren’t about gamification. They’re about giving visibility to the invisible, and tracking the impact of security champions in a way that celebrates their contributions - without adding overhead. A good points system should reflect your culture and drive the behaviors you actually want to see.

Through a combination of conversations and firsthand experience, we have developed a sixth sense about the mistakes that are most commonly made over the lifetime of a champion program which lead to failures.

n today’s cybersecurity landscape, it's clear that technology alone cannot solve all our security challenges. Security culture plays a pivotal role, and this is where security champion programs come into the picture.

Security Champions play a crucial role in fostering a culture of security within organizations. While "stuff"—like swag and gift cards—is a common way to reward them, there's an opportunity to think bigger and leverage other powerful motivators.

In a recent webinar hosted by Wizer, Katilyst's Dustin Lehr joined Gaby Friedlander to explore the importance of cultivating a strong security culture through Security Champion programs.

The key to building security culture is motivating and inspiring your colleagues to take proactive action - focusing on the carrot, not the stick. This can be a lot of work, so we created Katilyst to lift the burden.

With employees dispersed across various locations, ensuring that everyone aligns to security best practices can prove a difficult challenge. In this week's post we explore some methods to build and maintain a strong security culture in remote work companies.

Enter Security Champion programs: your secret weapon for fostering a security-conscious culture. They arm employees with the knowledge and tools to combat these biases head-on.

Hosted by Semgrep and led by Tanya Janca (one of our advisors and a close friend to Katilyst), the panel explored the critical elements of creating and maintaining a successful Champions program.

You'll find some great insights into why these programs exist and what champions do on a day-to-day basis.