Security Awareness Blog

Out-of-Band OUCH! - Heartbleed, Why Do I Care

A key step to protecting most operating systems is regularly patching and updating them. Some operating systems, such as Microsoft, are updated on a monthly basis, known as Patch Tuesday. However, every now and then a critical vulnerability is found, one that bad guys are actively exploiting. In these cases organizations like Microsoft release what … Continue reading Out-of-Band OUCH! - Heartbleed, Why Do I Care


Guest Blog - Taking a Generational Approach to Security Awareness

Editorial Note: This is a guest blog post from Paula Fetterman . We feel she came up with an amazing idea and asked her to share it here. In Feb 2014, I had the opportunity to attend the RSA Security Conference in San Francisco. While attending an early morning session (thank goodness for caffeine), I … Continue reading Guest Blog - Taking a Generational Approach to Security Awareness


Idea for Human Metrics - Tracking Updates

Its always challenging to find a good security awareness metric. By good, I mean not only does the metric need to measure a human behavior that I care about, but the metric is easy and low cost to repeatedly measure. So I'm always excited when I find what I feel is a good security awareness … Continue reading Idea for Human Metrics - Tracking Updates


Trick for Rewarding Good Behavior

Just finished up SANS MGT433 class this week at SANS 2014 in Orlando. One of the things I love most about teaching is I always learn something new. One of the students had a great idea for rewarding. In general you want to avoid providing purely monetary awards for good behavior, you quickly run out … Continue reading Trick for Rewarding Good Behavior


Updating Your Awareness Training

A common mistake I often see organizations make with their security awareness program is failing to plan long term. Quite often organizations get caught up in the initial roll-out of their training, but forget to plan on updating their program at some point. Its key that you update your program at a minimum once … Continue reading Updating Your Awareness Training