One of the great things about the annual RSA conference is meeting people smarter than you. Simple, informal conversations or structured presentations are a tremendous way to learn and come up with new ideas. The other night I had a chance to have dinner with Andy Jaquith, author of Security Metrics, often considered the bible … Continue reading Security Awareness Metric - What is Your Prevention / Detection Ratio?
I've posted several times about the tremendous value of an active phishing assessment program. Not only does it result in effective behavior change, but based on my experience phishing assessments are a positive and highly engaging way to reach people. In many ways it becomes a challenge of who can 'spot the phish' first, gamifying … Continue reading Tuning the Human Sensor with Phishing Attacks
Continuing our top three trend I wanted to share the top three reasons I see awareness programs fail. By fail I mean they do not have an impact. If compliance is your only goal, this is much simpler to achieve. Having an impact through behavior change is a far greater challenge. 1. No Plan: This … Continue reading Top 3 Reasons Security Awareness Training Fails
While working with executives and security professionals on awareness training, I tend to run across the same questions or misconceptions. I wanted to share with you the top three I most commonly run into and explain why, where others see problems, I see solutions. 1. Awareness never worked in the past, why should it work … Continue reading Top 3 Misconceptions on Security Awareness Training
I recently took Jeff Frisk's MGT 525 course on project planning. This is a great class to take if you are going to be working on any large scale or long term project, such as a security awareness program. What I liked best about his course is it brings structure to planning such a program … Continue reading Security Awareness Training - Starting With Project Charter