Security Awareness Month: 5 Engaging Events for Security Champion Programs

Every October, Security Awareness Month presents a golden opportunity for Security Champion program owners to energize their communities with engaging and fun events. Running creative, motivating events not only boosts awareness but also reinforces your champions’ role as advocates for secure practices across the organization. We’ve come up with a set of event ideas, complete with how to run them and tips for tying them into your program’s gamified structure, that could be the cherry on top of a successful month of boosting your culture change goals!

1. AppSec Scavenger Hunt in the Katilyst Platform

This scavenger hunt is a fast-paced game hosted on the Katilyst platform with an AppSec theme. Players receive mission prompts and scour the internet (GitHub, Shodan, NVD, Stack Overflow, blogs, etc.) to uncover real-world security examples. They then submit the evidence for points, energized with the hopes of reaching the top of the leaderboard.

How to run it:

• Pick a date and time window. Send out a save-the-date calendar invite for an online meeting to kick off the event.

• Players submit evidence descriptions to the Katilyst player dashboard. Facilitators approve submissions and award points using the Katilyst admin UI.

• Encourage champions to cheer each other on in team chat channels. Invite the whole team to join an event channel and support the conversation.

  
  

Motivational techniques: Use curiosity to lead people towards signups. Award bonus points for creativity or unique finds. Recognize “top hunters” in your monthly champion roundup.

Pro tip: If you do not have access to the Katilyst platform to run a scavenger hunt, you can still do this activity manually by setting up a submission form and assigning the points to valid submissions via spreadsheet. 

Check out the resource below to see an example of the Facilitator’s Guide and the challenges that could be customized for your program.

Want to try using the Katilyst platform for your scavenger hunt? Contact us today to learn more!

2. Cyber Range Experience

Nothing drives skills home like hands-on hacking. A cyber range event lets champions safely explore real-world vulnerabilities in a controlled, gamified environment, practicing how to think like attackers, all while having a great time!

How to run it:

• Partner with a cyber range provider like CMD+CTRL.

• Organize individual or team-based play sessions.

• End the experience with a closing ceremony that recognizes the top players, reveals the answer to popular challenges, and reviews the learning objectives. 

  
  

Motivational technique: Offer achievement badges for milestones (e.g., “First Exploit,” “Defense Master”) and extra program points for participants.

Pro tip: Invite the cyber range provider to lead a secure coding training session 3 months later to give a “booster” to the lessons learned in the cyber range experience. Coordinate this with the annual training requirements. 

3. Phish Off: Craft the Best Phish

Flip the script: ask champions to design the most convincing phishing email they can. This creative exercise sharpens their ability to spot malicious patterns by encouraging them to think like attackers.

How to run it:

• Communicate “Rules of Play” to prevent targeting real employees, using real information, and executing live malware.

• Submissions are judged by creativity, likelihood to succeed, and technical elements.

• Showcase winning phishes in your awareness channels or use them in your phishing simulations.

  
  

Motivational technique: Increase engagement by highlighting the creative side. Have special badges for creative submissions like “The Picasso of Phishing” or “Social Engineer Extraordinaire.” If you have fun with it, they will too!

Pro Tip: Looking for help putting this event together? Contact Katilyst and we would be happy to facilitate this event for your organization!

4. Dungeons & Dragons Threat Modeling

Bring storytelling and strategy into security! Inspired by tabletop roleplaying, a D&D-style threat modeling session encourages champions to role-play attackers and defenders in a fictional environment.

How to run it:

• Use your own product, a fictional castle, or another fun scenario as the setting. Collect visual aids like data flow diagrams and an asset inventory.

• Assign roles (attacker, defender, facilitator). Work through “attack turns” and “defense turns,” then debrief to map findings back to real threats.

• Recognize creative role-playing, unique defenses, and insightful mapping back to real risks with a token prize like badges and stickers.

Motivational technique: Storytelling is a powerful tool to increase understanding and connection with the topic.

Pro Tip: Check out the resources below to assist with a session script, monster manual, and customizable character cards for your party!

5. AMA with the CISO or Security Leaders

Create space for transparency and dialogue by hosting a live Q&A with your security leaders.

How to run it:

• Collect champion questions in advance.

• Run the AMA live over chat or video.

• Capture key takeaways to share more broadly across the company.

Motivational technique: Points can be awarded for asking thoughtful questions or sharing insights learned with their teams.

Pro Tip: Having difficulty bringing in a security leader to speak with your Champions? Consider reaching out to industry experts like Tanya Janca to join your program for an engaging Q&A session!

Wrapping It Up

Security Awareness Month is more than posters and reminders, it’s a chance to make security fun, interactive, and memorable. By weaving in gamification, you not only engage your Security Champions but also strengthen the program’s culture of learning and advocacy.

Whether through scavenger hunts, phishing competitions, or imaginative roleplay, these events create experiences that stick. And when security is sticky, the whole organization wins.

At Katilyst, we help our customers make security enthusiasts into bonafide security champions. Reach out to find out more about our methodology or to get help rolling out your next creative ideas!