Security Awareness Blog

What You Actually Need is a Security Communications Officer

A number of factors have come together to cause me to rethink our approach to security awareness and training. For years we have discussed the need for organizations to have a dedicated Security Awareness Officer. I'm beginning to think this is wrong. We don't need security awareness officers; what we need are more Security Communications Officers. This is why.

The number one challenge I'm seeing organizations face around the world is the ability to reach and engage employees. Most organizations already know what they need to teach people. They have a team of highly technical and skilled experts who have a good understanding of the organization's risks and how to mitigate them. Where organizations fail is then having these very same individuals communicate those risks to people. This is the wrong approach. Not only do most security professionals lack any formal training in communications, we as a community are actually taught how NOT to communicate (i.e. loose

...

OUCH! Newsletter - Gaming Online Safely and Securely

Folks, this month's OUCH! newsletter is out. For this month we focused on something a bit different, online gaming. Gaming online is a fantastic way to have fun and meet others, but it does come with its own set of unique risks, especially for kids. Surprisingly, the majority of these risks are not technical but human risks. Learn how you and your family can game safely online in this month's edition. As always, we encourage you to share OUCH with friends, family and at work. Download and share OUCH today.

Developer Awareness Training: How Metrics Help

Guest Editor: Today's post is from Eric Johnson. Eric is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. In this series of posts Eric will take a look at laying a foundation for Developer Security Awareness Training.

In the previous post, we laid the foundation for developer security awareness training. Now let's talk about the metrics we can collect to help improve our program.

It's all about the metrics

As we previously mentioned, establishing a common baseline for the entire development team would

...

What Should Developer Security Awareness Training Look Like?

Guest Editor: Today's post is from Eric Johnson. Eric is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. In this series of posts Eric will take a look at laying a foundation for Developer Security Awareness Training.

In our last post, we discussed improving the security of our organizations with security awareness training for development teams. Now let's talk about the security training we should provide.

What should it look like?

All team members have different knowledge levels of the

...

A Foundation for Developer Security Awareness Training: What's the Problem?

Guest Editor: Today's post is from Eric Johnson. Eric is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. In this series of posts Eric will take a look at laying a foundation for Developer Security Awareness Training.

In our last post, we discussed what we should take away from publicized security events. Let's discuss why we are failing, and what we can do to make it better.

Why are we failing?

Software has become a requirement across all industries in today's world. Every market is

...