Security Champions: You Already Have Them! How to Tap Their Potential – Dustin Lehr – OWSP25 #1

Want to create lasting change in cybersecurity? Stop going it alone.

Whether you're launching a formal Security Champions program or still figuring out where to start, there's one truth every security leader needs to hear: You already have allies in your org... they're just waiting to be activated.

In this session, we’ll explore how identifying and empowering your internal advocates is the fastest, most sustainable way to drive security culture change. These are your early adopters: the developers, engineers, and team leads who already “get it,” even if their title doesn’t say “security.”

We’ll unpack:

• Why you need help from people outside the security org to actually be effective
• Where to find your natural allies (hint: it starts with listening, not preaching)
• How to support and energize those allies so they influence the majority
• What behavioral science tells us about spreading change across an organization

Security is a team sport, and the opportunity to bring more people into the mission has never been greater. Whether you’re in security, engineering, product, or beyond, this conversation is for you.

Let’s talk champions. You’ve already got them. Now it’s time to activate them.

Segment Resources: Security Champion Success Guide: https://securitychampionsuccessguide.org/

Other interviews/podcasts I've done on Champs and AppSec: https://www.youtube.com/playlist?list=PLPb14P8f4T1ITv3p3Y3XtKsyEAA8W526h

How to measure success and impact of culture change and champions: https://www.linkedin.com/pulse/from-soft-skills-hard-data-measuring-success-security-yhmse/

Global Community of Champions sign up: https://docs.google.com/forms/d/e/1FAIpQLScyXPAMf9M8idpDMwO4p2h5Ng8I0ffofZuY70BbmgCZNPUS5Q/viewform

This interview is sponsored by the OWASP GenAI Security Project. Visit https://securityweekly.com/owaspappsec to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference!