The Science of Security: The Psychological Impacts of Security Awareness Programs

SANS Institute · Intermediate ·🎯 Management & AI-Era Leadership ·7y ago

Key Takeaways

Examines the psychological impacts of security awareness programs on employee behavior

Full Transcript

so I want you guys to stand up for me okay it's awesome okay just go ahead and roll your shoulders okay there we go roll your shoulders and now I'm when I say good you say morning good good when I say good you say morning good good now just put your hands in the air wave them like you just don't care all right and if you don't like clicking on phishing emails can you just say oh yeah oh yeah okay now that I have figured out that you're all crazy we're gonna go ahead and start this thing so I'll have a seat we're going to talk about the science of security here okay so my name is Shayla Trevo like lands that are undiscovered financials security education and awareness program so I'm an information security professional yay along with that though I am an organizational psychologist and I'm also a marketing strategist before entering into the information security field I actually came from a marketing and strategy background so InfoSec was kind of new at first but when I'm trying to come up with all these ideas of how we're gonna handle different awareness campaigns I actually get a chance to hang out with my husband and talk to my doggie digit so digit helps me with most of this stuff and you can see a wonderful picture of my team down there because I make them crazy so what's the big idea here big idea here is that we understand the spending money on security awareness does not always equal behavioral change there's tons of money that's going into this industry you guys deal with it every day I believe Gartner just published that we're at approximately 96 billion this year on cyber security alone and the bad guys are not the only reason why security needs to exist for me I work at a financial institution I mean I have regulations and I have executives constantly breathing down my throat saying hey we need to get this stuff out there because I don't want to pay fines now along with that talking about psychology a lot of times every time someone hears Oh psychology or psychotherapist it means that something is wrong but that's not always the case you don't always have to lie on a couch because you hear those voices some of us hear those voices and we still don't lie on the couch but that's a whole different conversation but the big thing here is that we want to start looking at how we can take a positive psychology approach to building our awareness programs so I like the State of the Union I like politics and the truth about this is that the cost of security education is on the rise it's going up on the rise and most companies are you really doing users as the last line of defense as we look at a layered defense model which means that at the end of the day if the bad guys get us it's because people didn't train people the right way I get that all the time and there has been minimal evolution and the distribution of how we actually put out security training most of us understand that we do our phishing emails and we also have our computer-based training modules if I get those two done we have a security awareness program hence why a lot of you actually have maybe one person on your team or you might be that one woman or man show or that might be part of your job but the evolution of that training hasn't changed even though we all know that the root cause of everything is people so we have a problem there so show me the money like I said I work for a financial institution everything's about money the reality is is that we're having a difficult time keeping up with bad guys when you start looking at vulnerabilities that have come down the pipeline the days to create those patches actually is on the rise some of them are over 200 days just to develop one patch and a lot of research shows that people aren't even concerned about zero day attacks the way they used to be they're more concerned about those vulnerabilities that we have sitting out there because there's not a solution for it yet now another thing with that is that the last line of defense is becoming a little bit more important now like I said the minute that something goes wrong what is it you don't have adequate training you don't have adequate training some companies including mine have even gone to having a corrective action process for those people who may fail assisted fishing assessments or they allow the company be more vulnerable to threats that they normally didn't have and looking at the fact that I just told you that we're at approximately 96 billion this year for cyber security what's really really funny about that is that the average spent on training is about $300,000 a year for a nice sized company that's about gosh we average in about three percent of the annual cyber security budget it's dedicated to training alone what like I said people are the problem but are we really looking at that as a solution so as you can see there's time for a change security is more than just the compliance activity we're really looking at cultural change and taking advantage of marketing strategies like guerrilla marketing and social media actually can help us a lot and doesn't cost us that much money and if we can embed security training into our culture then we can actually see change and we can measure it and we can mitigate that security risk due to the human factor so let's talk a little bit about security awareness as a science as you know awareness training is all about behavior and psychology is the study of mind and behavior so we have that big word behavior in both of these and I really like this comic with actually I'm fine I just like a place where I'm allowed on the couch my little doggie digit that helps me come up with all this security awareness stuff he takes over my couch but the one thing that we can agree on is that it's a big role with psychology and awareness training coming together to make it show that we actually have something they're trained to that makes a little bit more sense so let's look at psychology for a second a little bit more a new lens on psychology so traditional psychology focus is on what's wrong with a person you hear voices or you have doubts it's all about what's wrong but the difference is is that when we look at positive psychology it's all about an approach of studying human thoughts feelings and behaviors well you stroked us on your strengths instead of your weaknesses now I know that a lot of you probably have heard of Gallup StrengthsFinder by Tom Rath and the grant Gallup group that whole model is based off of focusing on strengths instead of looking at weaknesses and it's possible for us to look at that with our awareness programs that's really helping us take our people that we're trying to train and looking at they're good instead of they're bad and reinforcing those positive behaviors so positive psychology in a nutshell it's all about positive experiences that's when people feel loved joy appreciated things of that nature positive states and traits that is when you're looking at the intrinsic motivation of someone versus their extrinsic motivation and I can tell you with intrinsic motivation that's something that you can't take away extrinsic it gets to a point that you pay people a certain level and they still just don't care anymore we heard yesterday how people still click on those phishing assessments just because they know that nothing's going to happen so extrinsic motivation only goes so far and then when we're looking at positive institutions that's really looking at how does your company handle behavioral change how is the culture of the company are you risk adverse are you cool with risk that's perfectly fine best positive psychology in a nutshell so like I said in the very beginning relax we're all crazy it's not a competition but we're gonna get through this thing together so time to get really really academic when positive psychology was first founded in mind of you this is a very very new type of psychology study that's going on it was this concept of flow and flow is simply just being in the zone so it's when people are completely immersed in an activity just for the activity sake you don't have to get anything out of it that goes back to that intrinsic motivation and that allows people to have their whole being involved at all times and if we can shift security awareness and training efforts to the zone maybe we can capture our people and get them to understand certain concepts so when you're in the zone it's a delicate balance between having a very challenging situation that people were working through balance with a skill set in order to keep them in that wonderful gray area that you see so that means that we're increasing skills and then decreasing challenges and then you have less demanding skills and then you start to increase those challenges again and if we build that in our awareness programming we can keep people in that flow state so then suddenly it's not about the company getting you and it's not about the fact that something is just too easy it's just what we do and if we can get people there then that's how you get to cultural change so we're positive psychology there's this notion of perma perma is about positive emotions engagement relationship meaning and achievement once you get all that together and get those pillars actually standing up that's how you hit culture so what I'm going to do is walk through all of those and just give you some examples of how we do that at our organization to get people to swing into that cultural change first one is positive emotions so positive emotions as I stated before is more than just happiness it's not about happiness the positive emotions is equivalent to having joy it's something that's constantly with you it can broaden or increase your thoughts or actions and it can impact our habitual ways of thinking so with positive emotions something that our team has done is that we view awareness programming completely different um sometimes I wonder what my boss is thinking when he sees the things that I have approved because they're kind of crazy we've had events where we have pop shots and people are shooting basketball so imagine your boss looking at the expense before it you bought a pop shot if you guys go next door you see that we have a mannequin out there I have to explain to my boss why I bought a mannequin that's kind of tough but the thing about it is when you have these type of awareness events it's about having fun one wonderful example of this is that we had an event called March Madness at the March Madness event we had TVs all around where was streaming the game so people got a chance to leave their desk just for a moment to watch the March Madness game we had food we had these pop shots we had all these games and prizes and people genuinely enjoy themselves however embedded in that event was three different games we had a trivia game that was centered around information security we had additional games that were about records management securing data from a data handling perspective all of this stuff was happening as we were tagging on to the fact that people just wanted to watch the basketball game so with that what ended up happening is that afterwards people will come up to the team various times throughout the building I was like hey hey I remember when I was playing basketball that one time that you told me that I shouldn't have this type of data on my desk or I remember you told me that one time that you did that extinct room that we shouldn't stick USBs into our computer so what you do with positive emotions is that you take something that people really really like and you're just kind of like piggyback with that to get them to get into the groove of what we really want them to be aware about next one is engagement engagement about being totally absorbed by our present task where time and self-consciousness seems to cease and everyone finds enjoyment in different ways that's the biggest key in this one everyone finds in different ways one of the big things that we do on our team is that we actually piggyback on the seven different learning styles that you guys see displayed here with those seven different learning styles what we do is we take topics and we will train against it in multiple ways because just because you're a visual person doesn't mean that you're a social person and it doesn't mean that you're a physical person but if I can reinforce the same topic multiple ways then I can actually get changed to actually happen which is really really key for us and the only reason why we know this works is because we would do a baseline metrics reading before an event have an event or run a campaign because this usually takes time usually it can take weeks and then afterwards we can measure and see what happened and if there's a behavioral change once we started doing this we actually started seeing change because we realized that everyone doesn't read articles I can post it on our intranet site all day every day no one's reading that stuff however if I'm doing a physical activity I can get some people involved and then verbal was actually one of the big big ones now given people love food and we give away Donuts a lot on our team we found out that if I can get you to take a doughnut from me then you know I can talk to you for a second it really does work so if I can get people to talk to me for a second they can actually absorb things that way and we're getting that population so with engagement the biggest p was people learn different ways so you got to give them awareness different ways in order for them to absorb it next one it's relationships and I'm not going to pick on you wonderful communication people out there I might pick on you but that's okay building relationships is really important when you're running an awareness program it's a difficult thing but having strong relationships is really really important to build trust and it's actually one of the most important aspects of life period from a psychological perspective with building relationships one thing that we ended up Ewing was developing a security education and awareness council now this Council meets with us quarterly because we believe that our awareness activities on a quarterly basis so we're always ahead of schedule we get those people to sit down with us we discuss what we're going to do and we get their feedback now the minute you start getting their feedback suddenly they really get involved and they want it to be successful because their names attached to it this really helped us build our relationships with corporate communications Human Resources our legal team other compliance teams wanted to tag on to this and it's become a thing now because everyone has a stake in it and I understand that you hear build relationships all the time but you have to understand that you have to be persistent with it developing trust doesn't happening overnight it's something that happens over a long period of time and it took us a long time to get our corporate communications team Human Resources team other technology teams to work together for a common cause what's also important in this whole building relationships bit is we have to make sure that we're ingrained in information security from the very beginning to the very end of the program holistically because through our relationships we're actually able to deploy dynamic training based off of what's happening in the threat environment that means that example Equifax breach happened that breach actually impact a lot of financial institutions we got knowledge of that before most which actually helped us develop campaigns and deploy dynamic training that will actually help our people in our centers and our executives alike so when you're building relationships and you're gathering those stakeholders it's easy to go to the people that you think you're supposed to but go ahead and add in some of those other people that otherwise you would never talk to I want to make sure that I have that person from the command center I want to make sure I have that person from my intelligence team I want to make sure that my vulnerability management people know what's going on as well because then I'm able to talk to them if I know that a patch is about to be deployed or there isn't a solution yet I can train to that dynamically and it helps keep her company more secure think I went past one meaning so meaning is all about having purpose and like I told you before having purpose is something that's near and dear to every human it's really exploring the greater impact of being aware when you have a purpose so what we did is that every October we sit down and we plan out what we're doing for the year now we do know that plans change based off of what's going on in the world but when we sit down and have our plans there is a method to our madness and trust me if you talk to my team anyone here today you can see that they're actually very very mad people uh I don't know how I deal with them I don't really don't know how they deal with me but the first thing is looking at this thing like it's a circle like it's a radius okay starting from the very center we want to make sure our people understand how to keep themselves and their families secure it's more about showing that I care about you I care about your family I want you to be secure during this time period we really look at w2 scams trying to make sure that they're aware of things of that nature Internet of Things okay you just bought your kit that new iPad for Christmas you know what that means or you just bought that new refrigerator it connects the Pandora it's a device that actually connects to the Internet can you get hacked when we start talking about people and making it personal suddenly they start to listen because that's the core of their being from their second quarter we begin to talk about how to keep the stuff that you manage at work safe that's when we start to introduce data handling and classification we start to introduce how do you handle phishing emails now mind you this is this is working from the very center and moving out so I've already told you that you need to be aware that things are happening and you're starting to care about this do you like oh my goodness maybe I should worry about my personal email oh my goodness maybe I should start thinking about what data I have laying around in my house so it's building off of that by the time we get to q3 we're talking about how to keep your team and your entire department safe that's when we start talking about some of the things that traditionally scare people like insider threat different intelligence models that we may use in the company and how we keep our organization for our team safe that means that hey if I know that Johnny over here has a very sensitive document and it's on this Drive is that document actually secure right there and we get people to start working together as a team so by the time we get to q4 it's about how to keep the company secure that's when we start talking about things that actually can have reputational damage to the company things that can hit our bottom line but at this point people were completely invested in security because we built off the fact that I want you to be secure and we'll recycle this model over and over again achievement it's all about having goals or an ambition and give people a sense of accomplishment with achievement this is where positive reinforcement really really comes into play instead of punishing those people who click on that phishing email go ahead and start rewarding those people that report it in achievement when we had our stateroom we made it a team building opportunity we actually did our escape room in a q3 and with that team building a copper tunity we highlighted their accomplishments how well they got through the room we had a leader board and it was a big deal to the point that corporate communications that typically hates me they decided to put out an article on our event to talk about is success and how much they enjoy going with it and corporate communications and I we love each other right now and I never thought that that could never happen with even though it's really important to set realistic goals and we're worried people when those goals are met we're not asking people to be perfect but I'm asking you to try so that also means that fishing is a wonderful example for me whenever a phishing email goes out let's say you got caught you got caught but do you still report it a lot of people tend to hide once they get caught doing something wrong or make a mistake but we encourage people not to be afraid go ahead and report it because we care about the company as a whole that means that our team can actually go in there look at what the phishing email was and deal with it and we can keep on rolling so if when you include a achievement in to your awareness programming it helps people expand who they're gonna be so like I said with all of these concepts it's really about people company culture and risk appetite and keeping those things in a balance you want to make sure that you're focused on your people you understand how they learn from a company culture perspective be honest with yourself about how your company culture is and from a risk appetite perspective how much risk does your company is recumbent ok with you taking on for us we're a very risk-averse company we're a financial institution from a company culture perspective we're actually quite conservative which means that we intentionally made our security awareness program almost playful and childlike because it was completely opposite of what our company was which attracted people and then from a people perspective you try to build those relationships and make sure that people feel involved and make sure that people feel that this is an open culture enough where if something's wrong you can tell me and that you can trust me so some of the key takeaways that I hope that you guys got from this is having a good awareness program is not about money there's plenty of things that we do that we buy doughnuts for people I mean it's not that much thinking like a marketer is key think about the things that capture you when you're watching television or capture you when you're on social media and get that marketers mind and play focusing on what's right instead of wrong is very very key as well because that helps people feel that you're appreciating them for the things that they're doing right creating positive experiences for participants that means that if I'm out there at my team in ref jerseys because we have an event call you got played we just fake silly reps and we have done that or we've even done a fishing hole event where Mike was Mike wave Mike he was over there and he had a pair of waders on a kid size pool and some balloons but a sign that said hacker standing in the middle of the entrance of our lunchroom trying to lure people over as to hey don't you want to give me some information but it took I put my team in horrible situations that's okay but it took something that we were looking at fishing in that context context that got people the next thing is balancing skills and challenges that one's a little hard and it takes a lot of critical thinking thinking but it's possible to really evaluate what are you putting out there is it challenging or is it a little bit too easy and try to find that middle so we can start flowing through things and at the end of the day it's all about cultural change you really want to make sure that you drive it so that you can get your folks will change going so recommendations that I have for you guys conduct brainstorming activities with various people pick different people from different teams and just do a brainstorming activity for about an hour and come up with a really really cool concept for an awareness program we do this all the time it really does work trust me you really really yes create a security training awareness Council that can meet quarterly these are people that you can keep accountable and also it helps you to get those threads throughout the entire organization so that you can ignite change and be aware of different learning methods everyone doesn't learn the same way so we can't keep deploying training the same way otherwise people just aren't going to get it or you're going to get a certain population that gets it and another population that's left out [Applause]

Original Description

SANS Summit schedule: http://www.sans.org/u/DuS Security Awareness professionals have been pushing training and awareness on information security best practices for some time now. Many companies have spent millions of dollars on computer and instructor-based trainings as well as awareness activities. However, few companies have really seen a behavioral change in their employees. Behavioral modification is hard, but not impossible. Once we realize that security awareness is a science, positive behavioral changes can take place, thus impacting the overall security posture of any organization. This presentation will examine how through security awareness programs utilizing positive psychology principles – Engagement, Relationships, Meaning, Achievement, and Positive Emotions – we can directly impact the security risk appetite, behaviors and overall culture of our organizations and bring back the positivity in information security. About Shayla Treadwell Shayla currently leads Discover Financial’s Business Information Security Office and Information Security Education & Awareness program. Throughout her experiences, she has had the opportunity to wear multiple hats, yielding broad skills in training and development, people management, and project management. Shayla is a graduate of Bradley University with a B.S. in Marketing and Management and holds an M.S. in Organizational Leadership from Lewis University. Along with holding information security certifications and being a Six Sigma Green Belt, she is currently a Doctoral Candidate pursuing her Ph.D. in Business Psychology – Organizational Leadership from The Chicago School of Professional Psychology.
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 54 of 60

1 SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
2 SANS Institute Cybersecurity Training Customer Stories
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
3 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
4 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
5 CISSP® Prep Exam, MGT414, by SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
6 SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
7 Information Security Training from SANS Institute - Student Testimonials
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
8 SANS NetWars
SANS NetWars
SANS Institute
9 SANS DFIR NetWars
SANS DFIR NetWars
SANS Institute
10 Hack The Drone - SANS Cyber Academy UK
Hack The Drone - SANS Cyber Academy UK
SANS Institute
11 SANS VetSuccess Immersion Academy
SANS VetSuccess Immersion Academy
SANS Institute
12 SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
13 The 2015 SANS Holiday Hack Challenge
The 2015 SANS Holiday Hack Challenge
SANS Institute
14 SANS VetSuccess Academy: Hands-on Skills
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
15 SANS VetSuccess Academy Overview
SANS VetSuccess Academy Overview
SANS Institute
16 SANS ICS Security Summit & Training 2017
SANS ICS Security Summit & Training 2017
SANS Institute
17 Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
18 WannaCry recap, patches, and analysis
WannaCry recap, patches, and analysis
SANS Institute
19 If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
20 Graduation Day - SANS HM Gov Cyber Retraining Academy
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
21 Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
22 SANS Data Breach Summit & Training 2017
SANS Data Breach Summit & Training 2017
SANS Institute
23 SANS Secure DevOps Summit & Training 2017
SANS Secure DevOps Summit & Training 2017
SANS Institute
24 How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
25 SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
26 SANS Cybersecurity Programs for the Department of Defense
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
27 SANS Pen Test HackFest Summit & Training 2017
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
28 SANS SIEM & Tactical Analytics Summit & Training
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
29 If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
30 SANS Institute
SANS Institute
SANS Institute
31 ICS515: ICS Active Defense and Incident Response
ICS515: ICS Active Defense and Incident Response
SANS Institute
32 SANS Institute
SANS Institute
SANS Institute
33 Introducing the NEW SANS Pen Test Poster
Introducing the NEW SANS Pen Test Poster
SANS Institute
34 SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
35 SANS ICS Security Training, Munich, Germany
SANS ICS Security Training, Munich, Germany
SANS Institute
36 SANS Automotive Summit Webcast
SANS Automotive Summit Webcast
SANS Institute
37 Privesc Playground - SANS Pen Test HackFest Summit 2017
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
38 Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
39 Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
40 SANS Security Operations Summit & Training 2018
SANS Security Operations Summit & Training 2018
SANS Institute
41 Sh*t Happens!  (But You Still Need to Drink the Water) – SANS ICS Summit 2018
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
42 ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
43 You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
44 A Sneak Peak at the New ICS410
A Sneak Peak at the New ICS410
SANS Institute
45 Jumping Air Gaps – SANS ICS Summit 2018
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
46 Introduction to Linux
Introduction to Linux
SANS Institute
47 Introduction to Malware Analysis
Introduction to Malware Analysis
SANS Institute
48 You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
49 Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
50 Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
51 Apples and Oranges?:  A CompariSIEM – SANS Security Operations Summit 2018
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
52 SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
53 SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
55 How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
56 Practical Advice for Submitting to Speak at a Cybersecurity Conference
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
57 SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
58 SANS Webcast - Zero Trust Architecture
SANS Webcast - Zero Trust Architecture
SANS Institute
59 SANS STX Cyber Range
SANS STX Cyber Range
SANS Institute
60 Part 1 – SANS Institute and Tenable talk about cloud security
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute

Related Reads

Up next
The most common trait amongst the world’s top 350 CEO’s 💪
Uncensored CMO
Watch →