Security Awareness Blog: Category - Security Awareness Planning

Secure Options for URL Shortening

One of the things I love about the OUCH! security awareness newsletter is the community feedback we get, such as questions on why we picked a certain topic, why we focused on the lessons we did or suggestions on how to improve the overall format. These interactions not only get me thinking, but in the … Continue reading Secure Options for URL Shortening


Presenting on Security Awareness at ISSA CISO Forum

This weekend I had the honor to present at the ISSA CISO forum in San Francisco, which focused on the Human Nature of Security. I usually find forums like these to be some of the most challenging crowds as they are facing the day to day realities of trying to change behavior. For example, … Continue reading Presenting on Security Awareness at ISSA CISO Forum


OUCH! Security Awareness Newsletter - Now In Spanish

As many of you know, SANS Securing The Human publishes a free, monthly security awareness newsletter. These newsletters are written for the ordinary computer user, they explain how people can protect themselves in simple, non-technical terms. Each newsletter is led by a Subject Matter Expert (SME), usually one of SANS top rated instructors and reviewed … Continue reading OUCH! Security Awareness Newsletter - Now In Spanish


Book Review - Social Engineering

If you want an effective security awareness program you have to understand how employees will be attacked, and to understand that you need to know the fundamentals of social engineering.I just finished reading the book Social Engineering by Chris Hadnagy and wanted to share with you my thoughts. First, there are surprisingly few good books … Continue reading Book Review - Social Engineering


When Data Can't Be Private on Social Networking - Part II

Last week I posted the top five reasons why your data cannot be private on a social networking site. Do not get me wrong, I think social networking sites are a tremendous tool. I cannot think of a better way to quickly and easily share information with so many people around the world. My concern … Continue reading When Data Can't Be Private on Social Networking - Part II