homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defence Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. 2019 SANS Security Awareness Summit: Recap
370x370_Lance-Spitzner.jpg
Lance Spitzner

2019 SANS Security Awareness Summit: Recap

We just wrapped up the 2019 SANS Security Awareness Summit in San Diego, California. Over 300 security awareness professionals came together from

August 29, 2019

We just wrapped up the 2019 SANS Security Awareness Summit in San Diego, California. Over 300 security awareness professionals came together from across the globe to learn from and share with one another other. Simply put, it was amazing! Awareness folks are some of the friendliest, passionate, and most interactive people I’ve known. In this post, I want to share with you some thoughts, lessons learned, and key takeaways from this year’s event.

I’ll start with an overview of the top ranked talks, which were rated by Summit attendees, followed by general observations of the event and our industry.

Top Rated Talks by Attendees

  • Jake Williams – Latest Human Attacks: We have an annual tradition at Summit, we like to kick off each summit by first defining assh-2019-summit-1.jpg problem or challenge facing the industry. Last year, for example, professional social engineer, Jen Fox demonstrated how a social engineer thinks. This year, Jake Williams, ex-NSA hacker and a world expert in Incident Response, walked us through the latest human-based attacks he sees in the real world. Attendees really appreciated getting to peer into the mindset of who their adversaries are, how they think, and the latest human attack methods they are using. What is especially interesting is how targeted and crafty the most effective phishing emails have become.
    Slide deck from Jake's talk available here.
  • Jill Barclay – The Creative Process Behind Fun, Low-Budget Videos: Jill knocked it out of the park with this one. She detailed to the audience how they can create highly effective, truly engaging videos with almost zero budget and some props from your home. Jill’s key takeaway was that anyone can create effective, fun, and engaging videos on a minimal budget. It just takes some creative thinking. Jill also won last year’s Video Wars competition with her Cyber Villain series, which has now become a whole series of awareness training videos for her company.
    Slide deck from Jill’s talk is available here.
  • Adam Tice - A Lesson in Survival: Transforming Culture by Preparing for a Crisis: Adam’s story was one of the most emotional as he detailed to attendees the breach at Equifax and the impact that had on people and our culture. In his talk, he deeply detailed the importance of individuals, touching on the idea that it only takes one person to inspire change. This lesson rings true not only in the cybersecurity landscape, but also within our everyday lives. The key takeaway from Adam’s talk was the growing need to partner and build strong relationships before a crisis happens and how critical those partnerships become.
    Slide deck from Adam’s talk is available here.ssh-2019-summit-2.jpg
  • Micah Hoffman - OSINT Workshop: Hands-down, this was one of the most popular and highly rated workshops ever hosted at the Summit. Micah is a top-rated SANS instructor and detailed what OSINT (OpenSource Intelligence) is, how it is used, and how it can apply to the world of security awareness. Then, through a series of interactive labs, teams conducted OSINT assessments of themselves. It is absolutely amazing, not only the amount of information you can learn about any person or organization, but the extensive tools and frameworks to help you do it.
    Slide deck from Micah’s talk is available here.
    BONUS: Workshop handout from Micah’s talk available here.
  • ssh-2019-summit-3.jpgAlexandra Panaretos – Partnerships and Collaboration: Throughout the event, people continuously brought up just how important partnerships and collaboration are, so Alex’s talk really hit the spot for these attendees. Her focus was ultimately on how to build trust with others, as she detailed that trust is the currency to derive value and loyalty. She also reminded the audience that there’s an escalating need to put the humanity back into the human element of security.
    Slide deck from Alexandra’s talk is available here.
  • Nicole Jacobs - Security Awareness Recognition Program: Nicole shared how she created a recognition program for USAA’s fraud fighters, making it not only fun and creative, but also highly engaging and motivating for USAA’s customer support staff. What attendees loved about Nicole is she presented it in a way that attendees could easily act upon.
    Slide deck from Nicole’s talk is available here.

Special Events: We had two talks in this special session, Bob Hewitt and Justin Perkins covered How to Build Your Own

ssh-2019-summit-4.jpg

Escape Room and Laney Cannon covered Online Digital Scavenger Hunt. What was great with both talks is that they both covered in detail how to launch these events. People especially loved that Laney’s talk detailed how her hunt easily reached their remote workforce, with virtually no budget.

Optional Third Day: Every year at the summit SANS likes to challenge the status quo and try something new for Summit attendees. This year, we implemented an optional third day to the agenda so that people could extend and expand their learning. It was a huge success. Instructional Design experts Kevin Bennet and Andrew Mantuano spoke to attendees about the concepts of Adult Learning, the ADDIE and ARCS model and the specifics of designing good Learning Objectives. This is key to an awareness program, as your Learning Objectives specify the actual behaviors you want people to exhibit to manage risk.
Slide deck from Kevin and Andrew’s talk is available here.

Their talk was followed by a one-hour Birds of a Feather (BoF) session that discussed topics on Advanced Phishing, Critical Infrastructure, Behavior Modeling and Engagement Strategies. It was a great opportunity for professionals to discuss in small groups and learn from each other.

ssh-2019-summit-5.jpg

Networking: I think the networking events are what attendees often appreciate the most. They get the chance to meet, network, and learn from others in a relaxed, no pressure zone. We hosted numerous interactive networking events, including a pre-social treasure hunt, two bonus evening activities (including Tacos & Tequila on Mission Bay), numerous breaks, and onsite lunches.

One of my favorite networking events this year was the Living Map. In this exercise, we sectioned off the entire lecture hall into a map of the world. With different parts of the hall labeled from locations around the world, we then had all 300+ attendees go to and stand in the hall based on where they lived. It was so successful because people got to meet other awareness professionals who lived near them, ensuring they can continue those relationships. Many people spent that time comparing cities, exchanging business cards, and connecting on LinkedIn. They could have spent the entire Summit sitting a few chairs down from someone who might work in the same business district in their city and never had known it.

Fun fact: The record for the longest commute to the Summit was over thirty hours for one attendee, who traveled from South Africa. Plan on even more networking opportunities during next year’s Summit.

ssh-2019-summit-6.jpg

Sharing Toolsets: Two great, popular activities were the Security Awareness Video Wars and the Show-n-Tell tables. The Video Wars were comprised of short video clips, under 3 minutes, which people developed for their security awareness programs with many bringing humor into the mix. The attendees were asked to vote on the videos, with an informal panel. The collaboration and innovative ideas were remarkable.

The Show-n-Tell display tables were available for people to browse throughout the Summit, allowing for the sharing of all types

ssh-2019-summit-7.jpg

of collateral, from lanyards to web cam covers, to mascots/villains, and even selfie stick masks. This offered great inspiration for other awareness professionals to learn how organizations made the materials, which ones were the most effective, and why.

Feedback for Next Year: We received a tremendous number of ideas from our feedback for next year, here are some of the most exciting:

  • Due to the overall success, we will definitely return with a half Day 3 of the Summit next year. We are also exploring the idea of making the Day 3 dedicated to a workshop.
  • The Living Map was a huge hit, so we will be sure to add that to the agenda next year. We may also include options for specific industries as well.
  • Feedback from our half Day 3 attendees loved the Birds of a Feather (BoF) session so much that we are thinking about adding that session to the main agenda.
  • For the evening of Day 2, we will enable attendees to sign-up for dinners with other attendees based on topics and industries. In other words, pick the people you want to go out to dinner with based on a common challenge or industry you share. It’s like a dinner version of BoF where you get to decide and drive the conversation.
  • Expect more talks that detail how the individual speakers implemented something in their program, such as metrics, gamification, engagement, and so on. The focus will not be as heavily weighted on what they did, but how they did it. I think this will give the Summit attendees a much better look into how they might be able to implement similar practices into their own programs.
  • Expect more time for Questions and Answers. We had a lot of really great announcements this year, including the SANS Security Awareness Professional (SSAP) credential, but because of the tight agenda, we couldn’t dedicate as much time conducting a Q&A on the SSAP as we would have preferred.

Conclusion: This was a fantastic event this year. It was packed with opportunities to share, meet with, and grow from each other. I would especially like to thank this year’s Summit Advisory Board who worked tirelessly to help plan and host the event, including Neaka Lynn Balloge, Cheryl Conley, Meredith Howland, Molly McLain-Sterling, Lisa Miglioratti, Stephanie Pratt, Janna Sondenaa, and Maritsa Santiago. Ultimately, this event is by the community, for the community.

ssh-2019-summit-8.jpg

We are already planning for next year’s Summit, which will take place in Austin, Texas. If you are interested in being a speaker at Summit, the CFP (Call for Presentation) process will begin February 2020.

If you have a suggestion for or want to ask a question about the SANS Security Awareness Summit, please don’t hesitate to reach out to me! Don't miss the action as the next Security Awareness Summits are this November 20-21 in London and next August 5-6, 2020 in Austin, Texas.

Find the slides from all talks at the Summit Archives page.

Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Security Awareness

Related Content

Blog
Security Awareness, Security Management, Legal, and Audit
December 13, 2022
SANS MGT433 Managing Human Risk – Now Expanded to Three Days
This expansion reflects just how much the field of security awareness / managing human risk has matured.
370x370_Lance-Spitzner.jpg
Lance Spitzner
read more
Blog
Top_10_Summit_Talks_2022.png
Cybersecurity Insights, Digital Forensics and Incident Response, Cyber Defense, Cloud Security, Open-Source Intelligence (OSINT), Security Management, Legal, and Audit, Security Awareness
December 5, 2022
Top 10 SANS Summits Talks of 2022
This year, SANS hosted 13 Summits with 246 talks. Here were the top-rated talks of the year.
370x370-person-placeholder.png
Alison Kim
read more
Blog
SSA_-_CAM_-_Blog_Thumb_-_What_is_Phishing_Resistant_MFA_-_.jpg
Security Awareness, Security Management, Legal, and Audit
October 6, 2022
What is Phishing Resistant MFA?
What exactly is phishing resistant MFA, what are the benefits, and what does it mean to you and your organization?
370x370_Lance-Spitzner.jpg
Lance Spitzner
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn