Security Awareness Blog: Author - lspitzner

Game On - 2017 Security Awareness Summit

I am super excited to announce all systems go for the 4th annual Security Awareness Summit to be held 2/3 August in Nashville, TN. The speakers have been confirmed, the venue booked and the numbers already confirm this will be the largest summit ever. If you are involved in security awareness this is THE event …


*Sigh*, The Goal of Security is Good Enough

The security community is well trained at selecting which controls mitigate which risk. Unfortunately, that is only part of the equation; where we often fail is also determining the cost or impact of those controls. By impact I'm not just talking about the $$$ to purchase a solution, but the cost to maintain those controls, the impact due to lost …


Time for Password Expiration to Die

Per Thorsheim, Cormac Herley, I and many others are working hard to kill password expiration. Password expiration is when an organization requires their staff to change their passwords every 30, 90 or XX number of days. Password expiration is also a great example of how security professionals fail by simply repeating old myths or focusing on just mitigating risk, …


Security Awareness - The Challenge of Middle Management

One of the best things I love about teaching SANS MGT433 around the world is I get to learn what are the most common challenges security awareness professionals face on a global level. A common challenge I'm seeing pop up in the last 6-12 months is middle management. A lot of you are reporting you are getting the …


Guest Blog - Nudging Towards Security - Part 4

Editor's Note: This is a part of a series of blog posts by Sahil Bansal from Genpact on the topic Nudging Towards Security. Making Security Personal Traditional Approach of Security Communications - Employees behave in a particular way because there is something that motivates them to do so. Traditionally, the information security teams of organizations …