We are super excited to announce the two-day course SANS MGT433: Managing Human Risk: Mature Security Awareness Programs has just completed its biggest update ever. The class even has a new name. This new update shifts the class’s focus from “Security Awareness” to “Managing Human Risk”. While at first these may appear like the same topic, and in many ways they are, this new shift enables students to take a far more strategic approach and align their program with their organization’s strategic security priorities.
A common problem we have seen for years is far too often leadership perceives security awareness as a ‘side project’, even security teams can struggle understanding the value of security awareness. Think about it, how many CISO’s do you know started off as security awareness officers? This new class takes a much more strategic approach with a focus on managing human risk, enabling students not only to build mature awareness programs, but integrate and strategically align their program with their security team’s top priorities. So, what is new, why should you get so excited?
New content includes . . .
- The role security awareness plays and how it integrates with an organization’s security team and other security efforts.
- A far deeper dive into defining human risk, to include covering topics such as risk tolerance, residual risk and the human risk wheel.
- The overall strategic approach of WHO, WHAT and HOW has now been replaced by RISK, BEHAVIOR and CHANGE. These new pillars are driven by the relentless focus on managing human risk and integrate far better with other security efforts.
- We do a much deeper analysis into human risk assessments, to include leveraging data sources such as human risk surveys, Cyber Threat Intelligence (CTI), security reports and leveraging the MITRE ATT&CK model.
- For promoting change we leverage the Golden Circle and how you can more closely align your engagement strategy with your organization’s culture.
- New course content and material on virtually engaging and training remote workforces, to include Virtual Live Training (VLT).
- The new class aligns with MGT512: Security Leadership Essentials for Managers, MGT521: Leading Cybersecurity Change: Building a Security-Based Culture and MGT514: Security Strategic Planning, Policy, and Leadership, SANS top courses on security leadership, providing students a more defined roadmap for developing their career in cybersecurity.
The end result of this class is you will be far better armed and able to not only build mature awareness programs but partner with your security team on managing human risk, and ultimately your security team’s strategic priorities.
About The Author:
Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture and awareness training and is a SANS Senior Instructor. He helped pioneer the fields of deception and cyber intelligence with his creation of honeynets and founding of The Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries, and helped over 350 organizations build awareness programs to manage their human risk. He is also on the Board of Advisors for Attivo Networks. Lance is the author and an instructor for MGT433: Managing Human Risk: Mature Security Awareness Programs, and MGT521: Leading Cybersecurity Change: Building A Security-Based Culture, and built the SANS Security Awareness business unit from the ground up over the past 10 years. With the catalyst of COVID-19, Lance created multiple resources for securing humans from home, from those working remotely for the first time or managing newly remote teams, to children learning and playing online.
