One of the biggest take-aways (and surprises) for me from the 2015 Security Awareness Report is the lack of soft skills in our field. Over 75% of those leading or supporting a security awareness program had very technical backgrounds, to include IT admins, security analysts and even webmasters (page 8). In addition, we found most security awareness programs falling under the IT chain of command. Once you read the report it really makes sense. If an organization is concerned about the security of their employees, where do they go? The security team. And who makes up most security teams? Highly skilled and highly technical wizards that live and breathe bits and bytes.
However, awareness is ultimately about changing human behavior, and to do that effectively it comes down to communication. If people do not know what they are supposed to do or why, they will neither be
At Securing The Human we are big believers in working with and supporting the community. As such, for 2015 we really wanted to start the year off with a bang. This week we are releasing the following community resources.
OUCH!: We just released the January edition of the OUCH! security awareness newsletter. Led by Guest Editor Chris Crowley, we cover how to securely use mobile apps. Since many of you have new mobile devices after the holidays, we figured this was a perfect time to remind everyone how to leverage them in a safe and secure manner. OUCH! is provided in 25 languages and we encourage you to download and share with others. You can always find
2014 has been an amazing year for the security awareness community. I feel organizations are truly making the fundamental shift from just compliance to changing human behavior. From working with hundreds of organizations, teaching multiple classes of SANS MGT433 and the first ever security awareness summit, I'm seeing both interest and investment in security awareness growing at a tremendous rate. In addition, the market has matured to where there are numerous vendors innovating in amazing ways. I feel like security awareness is where information security was in the early 2000s, when few people took security seriously, but you could see the tsunami coming. The human element is no different; we are just beginning to see this field grow. Expect to see amazing things happen in our world in 2015. I know I'm excited!
Folks, I'm excited to announce that SANS MGT433 (Building a High-Impact Awareness Program) is coming to Canberra, Australia 18/19 March next year. This will be the first time this intense two-day class has ever been taught below the equator. If you are Down Under and your organization is building a new security awareness program or looking to pump-up your existing one, I highly recommend you don't miss this opportunity. Not only will you learn from the collective wisdom of hundreds of security awareness officers, this is a fantastic
Folks, as some of you know, in October for National Cyber Security Awareness Month we released the first ever Security Awareness Survey for Security Awareness Officers. Over 200 people responded, which was an amazing number. We had hoped to release the results of the survey this week but have run into two challenges; to be honest, both are good problems to have.
- We received far more information than we expected. We really want to be sure we take our time and digest/analyze this information correctly and present it in a useful and easy-to-use format for security awareness officers around the world.
- Bob Rudis from the infamous Verizon DBIR team volunteered to help analyze this rich source of information. We wanted to give Bob time to work his magic.
So, while the survey results will be later than we hoped, we like to think they will be well worth the wait. Stay tuned :)