One of the things I've covered in the past is how bad we as people are at judging risk: we overestimate risk for events that are very visual and when we are not in control. This is why so many people fear flying, when in reality that is the safest way to get from point … Continue reading Shark Attack!!! - Why is This Frontpage News?
Richard Bejtlich, CSO of Mandiant and a security professional I have admired for years, recently posted his thoughts on the value of security awareness. He and I agree on many points. The goal of awareness is to reduce risk, specifically human risk, and if done right it can be effective at it. Security awareness metrics … Continue reading The Tao of Security Awareness - Detection
Phishing assessments are a powerful way to not only measure the awareness of an organization, but to reinforce key learning objectives. Nothing is more powerful than when people click on a link and then get instant feedback that they just fell victim to a test, and then learn more about what phishing is and how they … Continue reading Phishing Assessments - A Simple, Anonymous and Free Approach
Computers and mobile devices store, process and transfer highly valuable information. As a result, your organization most likely invests a great deal of resources to protect them. Protect the end point and you protect the information. Humans also store, process and transfer information; employees are in many ways another operating system, the HumanOS. Yet … Continue reading This is Why The Human is the Weakest Link
Last week on the infamous podcast series Pauldotcom I was fortunate enough to join an amazing group of security professionals to discuss if security awareness is worth the time and effort. If you have not listened to Pauldotcom before, definitely try them out. No Political Correctness there, people definitely speak their minds. The podcast included … Continue reading Security Awareness - Is 95% Good Enough?