Security Champions Programme
Your development teams are responsible for security, but they don't have the training, the support, or the time to do it well. The result is a constant choice between delivering fast and delivering securely.
CyberFern's Security Champions Programme removes that trade-off. We embed security knowledge directly in your engineering teams through a structured, tailored programme that builds lasting capability — not just one-off awareness.
The Challenge
Most organisations face the same problem: security teams are stretched thin and can't be embedded in every project. Development teams, meanwhile, face organisational resistance when introducing security controls. Application security is rarely prioritised alongside feature delivery.
The consequences are real — delayed releases, friction between teams, and vulnerabilities that slip through to production. Fixing defects discovered late in the lifecycle costs dramatically more than catching them early.
A Security Champions Programme builds lasting bridges between security, development, and other business functions. By selecting champions from within your development teams and giving them the right support and recognition, you can ship more secure code, reduce overall risk, and accelerate delivery.
How It Works
Discovery and planning. We work with your key sponsors and stakeholders to identify the programme's goals and budget, set the timeline, define metrics, and establish a baseline measurement.
Team selection and kickoff. We select teams to participate, conduct an introductory meeting, and call for volunteers. Champions are chosen from within your development teams — people who are motivated and curious, not just assigned.
Goal setting. We work with your security function to define tactical goals based on your current security plan, then run a brainstorming workshop with the champions to determine how to achieve them.
Execution. The programme includes learning sessions, engagement in external security events, and the introduction or improvement of practices such as threat modelling, vulnerability detection, and the implementation of security controls.
Measurement and iteration. We measure progress against the defined metrics, compare with the baseline, and plan the next iteration or expansion of the programme.
Proven Results
Swiss Post and Log4Shell. Swiss Post began implementing its Security Champions programme in 2020. Champions participated in Security Day events, attended external training, and built strong relationships with the security team. When the critical Log4Shell vulnerability emerged in late 2021, the Security Champions identified and addressed the issue before the official company-wide communication was even released.
Catching defects early. Research by the National Institute of Standards and Technology shows that fixing a defect after deployment can cost 30 times more than catching it during design. A Security Champions programme equips teams with threat modelling skills, enabling them to identify vulnerabilities during design rather than after a penetration test delays a release by weeks.
At CyberFern, we combine first-hand development and deployment experience with deep cybersecurity knowledge and human science. We tailor every programme to meet your organisation's goals and budget.