One of the challenges we have with security awareness is when you come down to it, awareness training and education can become boring over time. Yes there are steps you can take to make it exciting, and there are many things you can do to sexy training up, but how often do you have employees … Continue reading Gamifying Security Awareness
I just listened in on a great webcast by John Strand, one of SANS' lead instructors on their penetration testing courses. John spends an hour discussing the latest tools and techniques in conducting human based penetration testing, specifically phishing and spear phishing. If you are involved in penetration testing and/or awareness training this is a … Continue reading Webcast on Phishing / Spearphishing Your Organization
The APT (Advanced Persistent Threat) has popped-up on the radar for many organizations, including those in government, defense or research. As many of you already know, APT is a type of threat (it is a WHO, not a HOW). Specifically a highly trained threat that is motivated to compromise your organization, and they have both … Continue reading HOWTO Awareness Training for APT
I'll be teaching MGT 433 this March 23/24 in sunny Orlando as part of SANS 2012, you can also virtually attend the class without having to leave home. If your organization is planning a new security awareness program, or looking to improve an existing one, this intense two day course is for you. In … Continue reading Two day class on building high impact awareness programs - this March in Orlando.
As I discussed in my last blog posting, we at SANS our going through our bi-annual update on security awareness training, specifically updating our awareness content. One of the key new modules we are developing is just for senior management. While it would be great for senior management to go through all the in-depth training … Continue reading Security Awareness For Senior Management