Security Awareness Blog

Gamification at Salesforce - #SecAwarenessSummit

Masha SedovaEditor's Note: Masha Sedova is the Senior Director of Trust Engagement at Salesforce. She is one of the speakers for the upcoming US Security Awareness Summit in Philadelphia August 19. Below she discusses her talk on gamification and the power of engaging employees.

For many employees in organizations across the world, security training is synonymous with getting a root canal. An interaction with the security team is rarely seen as a favorable experience and is often associated with policy enforcement, password rotation and annual computer-based trainings. But imagine a new work environment where your employees viewed the security team as a resource for protecting the company, its customers and their own personal security. Turning your employees into highly attuned human sensors would help to identify and report suspicious activities too nuanced for technology to capture.

This talk will focus on how any security awareness team can use elements of gamification and positive incentives to leverage employees' "discretionary performance" and organically increase company protection. The presentation will highlight the process of identifying and selecting vital behaviors that demonstrate a secure mindset amongst employees, such as reporting or secure development. After identifying these behaviors, the audience will understand how to develop ways to test for them using engaging campaigns such as badge-surfing competitions and team-based phishing exercises. Using the principles of positive reinforcement, learn how to effectively reward and recognize employees for demonstrating good security behaviors.

One of the core examples in the presentation will demonstrate how Salesforce has tracked positive behaviors to support leaderboards and champion programs to act as a multiplier of the security team and a catalyst for secure behavior throughout the organization showcasing reporting statistics and phishing click-through rate improvements. The presentation will also examine the effectiveness of simulation and targeted training exercises to impact when behaviors need to be modified throughout an organization. The end result of the program is a set of employees that are rewarded for behaving securely.

Bio: Masha is the Senior Director of Trust Engagement at Salesforce. She has built a team that drives a secure mindset amongst all employees using user security behavior testing and data analytics paired with elements of gamification and positive psychology. The scope of her work runs the gambit of general awareness such as phishing and reporting activity to secure engineering practices by developers and engineers. She and her team have built security simulations, MOOCs, company-wide competitions, and custom lab environments to drive effective learning of vital security behaviors. Her efforts have culminated in a security program that is altering the way Salesforce's employees, customers, partners, and large corporations approach security. Prior to her work with Salesforce, Masha was the principal founder of Dymera Strategies Consulting where she conducted social engineering and security awareness training to international companies and government agencies based on tools, techniques, and methods of prominent cyber warfare actors. Masha has also worked for Northrop Grumman and BAE Systems as a cyber threat researcher.