One of the things I've covered in the past is how bad we as people are at judging risk, we overestimate risk for events that are very visual and when we are not in control. This is why so many people fear flying, when in reality that is the safest way to get from point … Continue reading Shark Attack!!! - Why is This Frontpage News?
I recently attended the Learning 3.0 Conference in Chicago, IL. As someone whose career has been primarily about security and mitigating risk, I realized we have a lot to learn from others about cognitive behavior and the science of learning. I attended several excellent talks at the event which I'll be sharing over the week. … Continue reading The Forgetting Curve - The Importance of Reinforcement
Recently @erickolb asked me a great question, how do you train and engage a workforce that has a high-turn over rate? This is a common challenge, especially for industries such as retail where high-turn over or seasonal hires can greatly complicate your program. These are some initial recommendations I would make. Start With Your Core: … Continue reading Awareness Programs for High Turnover
Richard Bejtlich, CSO of Mandiant and a security professional I have admired for years, recently posted his thoughts on the value of security awareness. He and I agree on many points. The goal of awareness is to reduce risk, specifically human risk, and if done right it can be effective at it. Security awareness metrics … Continue reading The Tao of Security Awareness - Detection
Phishing assessments are a powerful way to not only measure the awareness of an organization, but to reinforce key learning objectives. Nothing is more powerful then when people click on a link and then get instant feedback they just fell victim to a test, and then learn more about what phishing is and how they … Continue reading Phishing Assessments - A Simple, Anonymous and Free Approach