Blog: SANS Securing The Human: Category - Events

Blog: SANS Securing The Human:

Guest Post - Awareness Through Gamification - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Jonathan Homer, a member of Idaho National Laboratory Cyber Security Division and runs their SecAware team. Below is a description of his upcoming talk on "Awareness Through Gamification" at theSecurity Awareness Summit 10 Sep in Dallas.

When developing training materials we strive to create clear, concise communications based on logic and simplicity. We put tremendous effort into creating training which is understood and retained. And yet time and time again, attendees sleep through training classes and violate principles taught the same day.

In contrast, Hollywood focuses on entertainment, a model where we pay money to sit in uncomfortable seats in a dark room eating stale, overpriced popcorn. And yet we memorize famous lines, talk about the experience for weeks to come, and, most important for this


Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the


#SecAwareSummit - Venue Confirmed and "Show-n-Tell" Session Added

We have two new exciting updates I wanted to share for the upcoming Security Awareness Summit (#SecAwareSummit) to be held 10 Sep in Dallas. First, the venue has now been confirmed, we will be holding the event at the Marriott. The reason for the delay was we wanted to be sure we had the best location possible. What we liked about this location was not only its size, but more importantly its design enables maximum interaction between attendees. We know that at events like this you can learn just as much from your peers as from the speakers, if not more. So we are doing everything we can to both enable and encourage interaction with other security awareness


Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest Blog Post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.

During this 45 minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee jerk skills


Guest Post - Enticing Employees to Self-Educate

Editors Note: This blog post is from Lori Rosenberg, part of the security awareness team at eBay. Here she covers her upcoming talk at the Security Awareness Summit (#SecAwareSummit) this 10 Sep in Dallas. The summit brings together awareness officers from around the world to share how they are taking their program to the next level, and how they are measuring that impact.

Like most large organizations, I'm limited in the frequency and length of communications in which I'm able to send to large groups, so I have to make the most of all opportunities when I push information to our employees. This is one of the many benefits of