Security Awareness Blog: Category - Security Awareness Metrics

Primary vs. Reinforcement Training - The Key to Changing Human Behavior

Recently we have been discussing different methods of training and how to change behavior, such as the halo effect of reinforcement training. Today I wanted to take a step back and do a brief review of the two different categories of security awareness training and a simple way to compare these two categories to common …


Shark Attack!!! - Why is This Frontpage News?

One of the things I've covered in the past is how bad we as people are at judging risk: we overestimate risk for events that are very visual and for situations where we are not in control. This is why so many people fear flying, when in reality that is the safest way to get from point …


The Tao of Security Awareness - Detection

Richard Bejtlich, CSO of Mandiant and a security professional I have admired for years, recently posted his thoughts on the value of security awareness. He and I agree on many points. The goal of awareness is to reduce risk, specifically human risk, and if done right it can be effective at it. Security awareness metrics …


Phishing Assessments - A Simple, Anonymous and Free Approach

Phishing assessments are a powerful way not only to measure the awareness of an organization, but also to reinforce key learning objectives. Nothing is more powerful than when people click on a link, get instant feedback that they just fell victim to a test, and then learn more about what phishing is and how they …


This is Why The Human is the Weakest Link

Computers and mobile devices store, process and transfer highly valuable information. As a result, your organization most likely invests a great deal of resources to protect them. Protect the endpoint and you protect the information. Humans also store, process and transfer information; employees are in many ways another operating system, the HumanOS. Yet …