Security Awareness Blog: Category - Security Awareness Planning

Gamify Your Awareness Program - At the #SecAwareSummit

Editor's Note: Graham Westbrook is the head of awareness atGeisinger Health System in PA/NJ. Heis one of the speakers for the upcoming Security Awareness Summit 2/3 Aug in Nashville, TN. Below he gives an overviewhisupcoming talk on Gamification. I entered the cybersecurity industry from the back door, you could say, having gone to school for … Continue reading Gamify Your Awareness Program - At the #SecAwareSummit


Game On - 2017 Security Awareness Summit

I am super excited to announce all systems go for the 4th annual Security Awareness Summit to be held 2/3 August in Nashville, TN. The speakers have been confirmed, the venue booked and the numbers already confirm this will be the largest summit ever. If you are involved in security awareness this is THE event … Continue reading Game On - 2017 Security Awareness Summit


*Sigh*, The Goal of Security is Good Enough

The security community is welltrained atselecting whichcontrols mitigate whichrisk. Unfortunately, that is only part of the equation, where we often fail is also determining the cost or impact of those controls. By impactI'm not just talking about the $$$ to purchase a solution, but the cost to maintain those controls, the impact due to lost … Continue reading *Sigh*, The Goal of Security is Good Enough


Time for Password Expiration to Die

Per Thorsheim, Microsoft's Dr. Cormac Herley, the UK's NCSC,the Chief Technologist at FTC,I and many others are working hard to kill password expiration. Password expiration is when an organizationrequires their staffto change their passwords every 60, 90 or XX number of days. Password expiration is also a great example of howsecurity professionals fail by simply … Continue reading Time for Password Expiration to Die


Security Awareness - The Challenge of Middle Management

Oneof the best things I love about teaching SANS MGT433 around the world is I get to learn what are the most common challenges security awareness professionalsface on a global level. A common challengeI'm seeing pop-up in the last 6-12 months is middle management. A lot of you are reporting you are getting the … Continue reading Security Awareness - The Challenge of Middle Management