Security Awareness Blog

Security Awareness Summit Roundup

show and tell 2 IMG_8941The 2nd annual US Security Awareness Summit was held in Philadelphia, 10 August with almost 150 people attending. It was an amazing mix of security awareness officers from different industries, organizations and even countries, with people coming from as far as Brunei to attend. Here are some key take aways from the event.

  • We had eight speakers, you can download their slides from our Security Awareness Summit archives. The number one rated talk was Masha Sedova from Salesforce. She explained how Salesforce gamified their awareness program, to include five behaviors they are specifically measuring. What I loved about her talk was she went into specifics on how they are running the program, to include how they measured and rewarded for specific behaviors, how employees were ranked by their levels of Jedi expertise and the different ways people can get points to go up levels.
  • Each table at the summit had a specific topic, the goal was to bring like minded people together. I noticed that the three most popular topics were gamification, ambassador programs and phishing. A close second was anything metrics related and storytelling. It seems the biggest problem people are facing is not so much gaining support for their program or deciding what to teach, but effectively reaching people and measuring the impact of their program.
  • The security awareness community is very unique when compared to the rest of the security world. Go to almost any security conference and the first thing you will notice is its almost all men. For awareness its very different. First, over half the attendees were women, in addition 6 of the 8 speakers were women. Second, this community is very much about interaction, sharing, and networking. If you do not like talking to or interacting with people, security awareness is probably not the best path for you. For example we had extended breaks, extended in-house lunch and show-n-tell sessions for people to interact and learn from each other. All we heard from everyone was more, more!
  • One of the biggest hits was the show-n-tell table. We were literally overwhelmed by all the amazing examples people brought. We originally had three tables setup for it, by the end of the day we had ten spread throughout the event. What I love about this community is everyone's willingness to share.
  • The video show-n-tell was another hit. Be sure to check out AT&T's Murray series of awareness videos.

There was so much excitement from this year that we are already planning for next year's event, as soon as we have a date and location we will let everyone now. Based on all the great feedback this year, we already have some changes planned, including

  • Next year's summit will be two days, not one. There is simply too much going on now to pack it all into a single day.
  • We will greatly expand the networking and interactive sessions. Some ideas we are already considering include; video wars where people show off their awareness video and attendees vote the one they like the best, show-n-tell speed dating where you can spend some one-on-one time with your favorite show-n-tell examples, and table workshops.
  • Lori Rosenberg volunteered to be an informal social chairman for the summit. This was such a huge success that we will make it official next year, to include optional dinners and other events. Also plan on a couple more socials thrown in for good measure.
  • More time to interact with and get to know the people at your table and other tables.

If you have any suggestions for next year's summit, or want to get involved in the planning process, just shoot me an email at lspitzner@sans.org.