Security Awareness Blog

Updates to OUCH! and STH

I just wanted to share with you some updates from the Securing The Human team. First is OUCH!. As most of you saw we released the March edition last week, the topic was Dos and Don'ts of Email. One of the most common requests for OUCH! has been for us to release OUCH! earlier in … Continue reading Updates to OUCH! and STH


Webcast & Deployment Package for High-Impact Awareness Programs

Establishing a security awareness program that ensures your organization is both compliant and reduces risk is difficult. Many organizations do not even know where to start. To help you we have put together a planning package. This package is made up of the following. PACKAGE: First is thePlanning & Deployment Package itself. This package contains … Continue reading Webcast & Deployment Package for High-Impact Awareness Programs


Security Awareness Training - Scheduled or On Demand?

I'm noticing a trend in awareness training, one I wanted to share and see if others are seeing the same thing. In general there are two ways to deliver training, what I call Scheduled or On Demand. Scheduled is what you think of for traditional training. A certain time and/or place is set and people … Continue reading Security Awareness Training - Scheduled or On Demand?


Security Awareness Metric - What is Your Prevention / Detection Ratio?

One of the great things about the annual RSA conference is meeting people smarter then you. Simple, informal conversations or structured presentations are a tremendous way to learn and come up with new ideas. The other night I had a chance to have dinner with Andy Jaquith, author of Security Metrics, often considered the bible … Continue reading Security Awareness Metric - What is Your Prevention / Detection Ratio?


Tuning the Human Sensor with Phishing Attacks

I've posted several times about the tremendous value of an active phishing assessment program. Not only does it result in effective behavior change, but based on my experience phishing assessments are positive and a highly engaging way to reach people. In may ways it becomes a challenge of who can 'spot the phish' first, gamifying … Continue reading Tuning the Human Sensor with Phishing Attacks