Security Awareness Blog: Author - lspitzner

Book Review: The Heart of Change

In November I reviewed the book "Leading Change" by John Kotter. I highly recommend anyone involved in or leading a security awareness program read the book. Mr. Kotter is considered one of the world's leaders in change management and provides a wealth of knowledge on how to ultimately change behaviors. I just finished his follow-on …


Looking Forward to Securing The Human in 2015

2014 has been an amazing year for the security awareness community. I feel organizations are truly making the fundamental shift from just compliance to changing human behavior. From working with hundreds of organizations, teaching multiple classes of SANS MGT433 and the first ever security awareness summit, I'm seeing both interest and investment in security awareness …


Windows vs Human Security - By The Years

For years I've been struggling with how best to demonstrate the lack of investment in human controls versus technical controls. A big shout-out to James Lyne, who gave me this idea based on a presentation he did in London in November. In this graph you see over the past 15 years numerous steps Microsoft …


Failing a Phishing Test - Rite of Passage

After several years of running phishing programs and working with other organizations on theirs, I'm starting to notice a trend. Sooner or later everyone falls victim to a phishing assessment. Heck, even I fell victim to a phishing assessment once, and it was my own assessment (happy to share that story, but the price is …


Aligning HR With Secure Behaviors

One of the ideas I pulled from John Kotter's book Leading Change was a suggestion on Human Resources. Have your HR team align performance evaluations, compensation, or promotions based on people's security behaviors. This does two things. First, it increases motivation because people see an actual, tangible gain by changing their behaviors. But even more …