Transparency Over Secrecy

Transparency Over Secrecy (PDF, 2.80MB)
Last updated: 14 Aug, 2025
Presented by: Gina Andrews & John Carr

Security awareness programs often stop at training and phishing simulations, but that’s just scratching the surface. Real culture change happens when employees understand their security behaviors and feel empowered to improve them.

What if every employee had their own Security Score?

At our organization, we broke from industry norms by designing a Security Scorecard to empower employees, engage leadership, and create transparency around human risk. Many companies hesitate to show employees their security scores, fearing resistance or punitive associations. However, we found that the key to cultural change isn’t secrecy—it’s visibility.

In this session, we'll share how we built a Team Member Security Scorecard that engages employees, empowers leadership, and makes human risk more transparent, and how we accomplish this without creating fear or finger-pointing.

We’ll break down:

- Securing Leadership Buy-In: How we partnered with executives, risk leaders, and HR to position the scorecard as an awareness tool, not a punishment.

- Building the Scoring Model: How we weighed different security behaviors, like phishing simulations, MFA usage, and password hygiene, to reflect real-world risk.

- Messaging That Engages, Not Alarms: How we introduced the scorecard through onboarding, leader huddles, and champions programs to foster education and ownership.

- Driving Culture with Transparency: How we integrated the score into performance conversations, executive dashboards, and company-wide business goals.

- Lessons Learned: The challenges we faced (and how we tackled them), from gamification to data privacy concerns to internal politics.

Since its launch, our Security Scorecard has become a core part of how we talk about security. It sparks conversations in teams, influences leadership decisions, and helps employees see how their individual actions impact the company’s overall risk.

Whether you're starting from scratch or looking to evolve your employee engagement program, you'll leave this session with practical steps, pitfalls to avoid, and lessons learned to help you bring transparency and accountability to your security culture.

SANS Security Awareness Summit 2025