Sunday, March 18, 2018

InfoSecWorld 2018 - The Hacker Carnival

I am proud to announce I am speaking at InfoSecWorld 2018 on March 19th - 3:20pm in Grand Republic B. Come say hi and hear about the Hacker Carnival.

We will be talking about how you engage your security team and get them to build relationships via a mini-conference we call the Hacker Carnival. The goal is to create security awareness training that makes everyone aware of the security team and not just aware of security.

I hope to see you there. You can read more about it at this link or below:

The Hacker Carnival - Security Awareness Can Be Exciting and Effective. No Really.

Security awareness training is often the butt of jokes regarding the security posture of an organization. It’s treated as something everyone clicks through at the end of the year and suddenly POOF an organization is magically secure! We all know this is not the case. Tailored attacks against specific organizations leverage human elements that render technical controls ineffective. Online attacks are blending with traditional cons because the target is partially a person and not just a system.
We have to find a better way to educate our teams about security without security awareness becoming a punchline. If we can’t get our security teams excited about security awareness, what chance do we have at engaging other teams in the organization?

This presentation will focus on creating a security awareness program that engages security teams with the people they are charged with protecting. By blending traditional security awareness models and relationship building you get a program built on people and not policy. The audience will see real-world approaches that were used successfully in a large Fortune 400 enterprise. This includes leveraging vendor relationships, presentations, developing custom online training content, and the Hacker Carnival.

The Hacker Carnival was developed as a way to engage all employees through five minute demos and conversations. These demos show the audience the magic, but not the trick behind a number attacks that impact them every day. These demos then show the audience how to protect themselves and the organization. More importantly, they put a human face on the security team. Security awareness is not a silver bullet for all security woes. However, using a model that blends engagement, demos, presentation, and training will help create the relationships that may prevent a major breach.

  • Learn to engage users with security awareness training that isn't just guided online modules and quizzes
  • Learn to build five-minute demos that show users common attacks and how to protect themselves
  • Learn ways to show the human side of your security team and build relationships through small group demos
  • Inspire your team by letting them show your organization how they provide protection from real threats via demonstrations
  • Learn real strategies to run an in-house \"micro security convention\" that will educate users and leadership about security issues

No comments:

Post a Comment