Blog: SANS Securing The Human: Author - lspitzner


Guest Post - Selling Enthusiasm - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Matt Beland, the Chief Security Officer at the law firm Davis Wright Tremaine LLP. Below is a description of his upcoming talk on "Selling Enthusiasm" at the Security Awareness Summit 10 Sep in Dallas.

Everyone's familiar with the old saying - "There are three things that matter in property: location, location, location." Well, in Security Awareness, we also have three things that matter - "communication, communication, communication". After all, the whole point of Security Awareness is communicating the things our users need to know - the threats, the tools, the responses.

But communication is hard. Our users have their own priorities and interests, they're often awash in a sea of communication on dozens of topics - how do we make ourselves heard, and not just heard, but understood? The key is engagement. If


Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program, we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you through, step by step, how to implement an effective phishing program that your employees will actually like. In addition, we include lessons learned such as how often you should do your phishing emails, who to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom. Get all


Guest Post - Awareness Through Gamification - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Jonathan Homer, a member of the Idaho National Laboratory Cyber Security Division who runs their SecAware team. Below is a description of his upcoming talk on "Awareness Through Gamification" at the Security Awareness Summit 10 Sep in Dallas.

When developing training materials we strive to create clear, concise communications based on logic and simplicity. We put tremendous effort into creating training which is understood and retained. And yet time and time again, attendees sleep through training classes and violate principles taught the same day.

In contrast, Hollywood focuses on entertainment, a model where we pay money to sit in uncomfortable seats in a dark room eating stale, overpriced popcorn. And yet we memorize famous lines, talk about the experience for weeks to come, and, most important for this


Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the


#SecAwareSummit - Venue Confirmed and "Show-n-Tell" Session Added

We have two new exciting updates I wanted to share for the upcoming Security Awareness Summit (#SecAwareSummit) to be held 10 Sep in Dallas. First, the venue has now been confirmed: we will be holding the event at the Marriott. The reason for the delay was that we wanted to be sure we had the best location possible. What we liked about this location was not only its size, but more importantly that its design enables maximum interaction between attendees. We know that at events like this you can learn just as much from your peers as from the speakers, if not more. So we are doing everything we can to both enable and encourage interaction with other security awareness